Burp Suite User Forum


Drop "Exclude from scope" requests.

Ben | Last updated: Nov 08, 2021 10:14PM UTC

I am trying to develop my passive OSINT methodology and as such would like to drop any requests to the client's infrastructure. I add these to "Exclude from scope" both in the project and target tabs (and several permutations). I have then selected "Drop all out-of-scope requests". However, this appears to drop all requests. Any help would be appreciated.

Ben, PortSwigger Agent | Last updated: Nov 09, 2021 11:53AM UTC

Hi, Just to clarify, have you actually set any hosts or URLs to be in-scope?

Ben | Last updated: Nov 09, 2021 03:31PM UTC

Hi, Thanks for the reply. Not in this case. I want everything to be in scope *except* certain resources.

Ben, PortSwigger Agent | Last updated: Nov 10, 2021 09:18AM UTC

Hi,

It sounds like you would need to actually configure a scope to perform the action that you desire. The 'Drop all out-of-scope requests' functionality is effectively checking each request that is passing through Burp against the list of in-scope items. In your situation nothing is considered in-scope, so all of the requests are being dropped.

If you navigate to the Target -> Scope tab, enable the 'Use advanced scope control' option, and then click 'Add' under 'Include in scope' but leave all the fields empty and as default, this should mean that all traffic is now considered in-scope.

If you then configure your 'Exclude from scope' and 'Drop all out-of-scope requests' as you were doing previously (so that you have configured the list of URLs/hosts that you do not wish to interact with), Burp should then behave as you want it to, considering everything in-scope bar the URLs that you have explicitly configured Burp not to interact with. Any requests to those URLs should then be dropped when they pass through Burp because of the 'Drop all out-of-scope requests' setting that you have configured.

It is probably worth sounding a note of caution when setting all traffic to be in-scope, as you risk automatically initiating actions against public third parties for which you are not authorized.

If seeing screenshots of these settings would be easier for you then please feel free to email us at support@portswigger.net and we can attach these via email.
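The scope decision described in the reply above, as a simplified model added here for illustration (it is not part of the thread and not PortSwigger's code): a request is kept only if some include rule matches it and no exclude rule does, and a rule with every field left blank matches anything. The `ScopeRule` class, the function names and the `.example` hosts are assumptions made for this sketch; Burp's own matching may differ in detail.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class ScopeRule:
    """One advanced-scope row in this model; a blank field matches anything."""
    protocol: str = ""   # "", "http" or "https"
    host: str = ""       # regex on the hostname, "" = any host
    file: str = ""       # regex on the path, "" = any path

    def matches(self, url: str) -> bool:
        parts = urlsplit(url)
        if self.protocol and parts.scheme != self.protocol:
            return False
        if self.host and not re.search(self.host, parts.hostname or "", re.I):
            return False
        if self.file and not re.search(self.file, parts.path or "/"):
            return False
        return True

def in_scope(url, include, exclude):
    # In scope = matched by at least one include rule and by no exclude rule.
    hit_include = any(r.matches(url) for r in include)
    hit_exclude = any(r.matches(url) for r in exclude)
    return hit_include and not hit_exclude

def dropped(urls, include, exclude):
    """URLs that 'Drop all out-of-scope requests' would drop under this model."""
    return [u for u in urls if not in_scope(u, include, exclude)]

# Constructed sample data: the client's hosts are excluded, anchored on the hostname.
CLIENT = [ScopeRule(host=r"(^|\.)client\.example$")]
URLS = [
    "https://www.client.example/login",
    "https://api.client.example/v1/users",
    "https://search.osint.example/?q=client",
    "http://archive.osint.example/client.example/",  # client name in path only
]

if __name__ == "__main__":
    configs = (("no include rule", []), ("blank include rule", [ScopeRule()]))
    for label, include in configs:
        gone = dropped(URLS, include, CLIENT)
        print(label)
        for u in URLS:
            print("  ", "DROP" if u in gone else "PASS", u)
```

With no include rule every URL is dropped, which is the behaviour reported in the question; with the blank include rule only the two client hosts are dropped, and the archive URL that merely contains the client's name in its path still passes because the exclude rule is anchored to the hostname.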
