Burp community forum

exclude scope setting for new burp pro 2.1

Adam | Last updated: Jul 19, 2019 09:16PM UTC

In the old burp, before you kick off the spidering and scanning. There was a option to exclude specific file extension like docx or pdf or exe. In the new version of burp this is option is listed in the audit select items. This not everything I need. https://portswigger.net/burp/documentation/desktop/scanning/scan-launcher I found this url-matching https://portswigger.net/burp/documentation/desktop/functions/url-matching Which allows you to create a scope library to use at the beginning of the crawl and auditing. I have try to create advance scope control Here are my setting, Included URL's Protocol: HTTPS All the rest blank (to allow any website) Excluded URL's Protocol: HTTPS Host/IP range: (company IP address range) Port : ^443$ File: ^\.pdf.* ( idea is if it finds a thread with .pdf at the end to no scan it) Any help with this would be very much gratefully

Liam, PortSwigger Agent | Last updated: Jul 23, 2019 08:05AM UTC

Thanks for your message Adam. The method you are currently using is the advised workaround for now. We do plan to add an option for this now we have implemented our own embedded browser. We'll update you when we've made some progress.

Liam, PortSwigger Agent | Last updated: Jul 24, 2019 01:29PM UTC

Thanks for the update Adam.

Burp User | Last updated: Jul 24, 2019 03:27PM UTC

Awesome Liam Love the new burp suite

Burp User | Last updated: Jul 24, 2019 08:29PM UTC

Hey Liam With the help of a few other people. I was able to get this to work. Here is my code { "scope":{ "advanced_mode":true, "exclude":[ { "enabled":true, "file":"^/*.(pdf|docx)", "port":"^443$", "protocol":"https" } ], "include":[ { "enabled":true, "protocol":"https" } ] } }

You need to Log in to post a reply. Or register here, for free.