exclude static resources

burptryq | Last updated: Mar 24, 2020 05:27PM UTC

Hello! How can I construct a regex correctly to exclude files in Advantage Scope in "live audit scan"? For example, how can I exclude static resources? I tried:

^.*?\.(css|xml|woff2)$

(?:\.css$|\.svg$|\.png$|\.jpeg$|\.jpg$|\.gif$|\.pdf$|\.svg$|\.md$|\.ico$|\.js$|\.htm$|\.woff2$|\.woff$|\.xml$|\.txt$|\.md$|\.ttf$|\.webp$|\.doc$|\.docx$)

(?:css|svg|png|jpeg|jpg|gif|pdf|svg|md|ico|js|htm|html|txt|md|woff2|woff|webp|ttf|xml|doc|docx|bmp|mp3|mp4)$

(css|svg|png|jpeg|jpg|gif|pdf|svg|md|ico|js|htm|html|txt|md|woff2|woff|webp|ttf|xml|doc|docx|bmp|mp3|mp4)

but it didn't work

Liam, PortSwigger Agent | Last updated: Mar 25, 2020 09:25AM UTC

Do you mean the Advanced scope rules? Have you tried using a regex checker? - https://regex101.com/

burptryq | Last updated: Mar 25, 2020 05:48PM UTC


Liam, PortSwigger Agent | Last updated: Mar 26, 2020 03:02PM UTC

Thanks for sharing the screenshot. It doesn't look like that regex will work for your requirements. What exactly do you need to exclude? To exclude static file types, you can use: .*\.(css|js|etc...)

burptryq | Last updated: Mar 26, 2020 06:35PM UTC

https://i.imgur.com/jYBLOI3.png still scanning js, css and other static files

Michelle, PortSwigger Agent | Last updated: Mar 27, 2020 12:03PM UTC

From the screenshot, I'm afraid I can't quite make out what the first two characters in the file section are. Could you maybe post a sample of the text? Have you tried out the format posted earlier? Let us know if it helps as it could give a good base to work from for what you need: .*\.(css|js|etc...)
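
A way to check patterns like the ones in this thread offline, as an added example that is not part of the original posts: it reports which constructed URL paths each pattern would exclude, so both missed static files and accidentally excluded dynamic endpoints (lost audit coverage) are visible. Assumptions: the sample URLs are constructed, the long alternations are shortened, the helper names are hypothetical, and because the thread does not say whether the rule is applied as a full or a partial match, both are evaluated.

```python
import re
from urllib.parse import urlsplit

# Patterns in the style quoted in the thread (long alternations shortened).
PATTERNS = {
    "anchored_ext": r"^.*?\.(css|xml|woff2)$",
    "suffix_no_dot": r"(?:css|svg|png|js|woff2)$",
    "bare_alternation": r"(css|svg|png|js|woff2)",
    "agent_format": r".*\.(css|js)",
}

# Constructed sample URLs: two static files and two dynamic endpoints.
SAMPLES = [
    "https://app.example/static/site.css",
    "https://app.example/static/app.js?v=3",
    "https://app.example/api/data.json",
    "https://app.example/reports/nodejs",
]

def file_part(url):
    """Path without the query string (assumed to be what a file rule is matched against)."""
    return urlsplit(url).path

def excluded(pattern, url, full_match):
    """True if the pattern would exclude the URL under the chosen match semantics."""
    rx = re.compile(pattern)
    path = file_part(url)
    return bool(rx.fullmatch(path) if full_match else rx.search(path))

def report(full_match):
    """Map each pattern name to the list of sample paths it excludes."""
    return {name: [file_part(u) for u in SAMPLES if excluded(p, u, full_match)]
            for name, p in PATTERNS.items()}

if __name__ == "__main__":
    for mode in (True, False):
        print("full match" if mode else "partial match")
        for name, hits in report(mode).items():
            print(f"  {name:17} -> {hits}")
```

Under partial matching the unanchored patterns also exclude `/api/data.json` or `/reports/nodejs`, which are not static files; under full matching the patterns without a leading `.*` exclude nothing.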

