Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Hide From Proxy - Right-Click Option

Ryan | Last updated: Jun 29, 2020 03:21PM UTC

It would be extremely useful to have a right-click option of 'Prevent Burp From Proxying' that could auto-regex a domain and remove it from showing up in proxy history (or any other tools). When testing a site with trackers they can clutter the proxy history view when viewing all requests. I have resorted to adding domains to the TLS passthrough list so I can keep the proxy history showing all items, in-case of out-of-scope domain requests I might not otherwise notice occur, and keep the history from showing tons of tracker requests. Just like with 'Add to Scope' an easy way to prevent pesky domains from showing up in the proxy history would be quite useful. (and still maintain the 'view showing all items') Thanks, Ryan

Uthman, PortSwigger Agent | Last updated: Jun 29, 2020 03:48PM UTC

Hi Ryan, Have you considered enabling 'Don't send items to Proxy history or live tasks, if out of scope' under Proxy > Options > Miscellaneous? Is your suggestion to have an 'exclude from scope' option in the context menu that automatically adds a domain to the 'Exclude from scope' option under Target > Scope? If you use advanced scope control, you should be able to paste in a URL at it will automatically configure the regex for you.

Mattia | Last updated: Oct 22, 2020 10:26AM UTC

I think an "exclude from proxy" feature, that goes beyond external domains, would be very useful. Some applications make recurrent requests to different URLs (e.g. for diagnostics or statistics purposes) and they clutter the proxy history. These URLs should be considered in scope, just hidden from the proxy history. It is possible to use the "negative regex" search for this purpose, but it is not convenient: it is computationally more expensive and does not allow to use the search feature anymore. In my opinion the best solution would be to have a configuration option similar to the "Intercept Client Requests" that is called "Log Client Requests" and has the same configuration/filtering options.

Michelle, PortSwigger Agent | Last updated: Oct 23, 2020 09:21AM UTC

To help us understand your requirements, could you tell us a bit more about your use case, please? It would be good to understand the importance of keeping the URLs in scope whilst not keeping a record of the requests in the proxy history.

Haiku | Last updated: Nov 30, 2020 02:22PM UTC

Hi Michelle, let me see if I can illustrate the issue; So, let’s say you want to inspect example.com but that url call 6 other site which might be connected to it or not you would like to exclude them from the history and your dashboard. Another things that compounds to this issue is when the Brower your using also make outbound calls to services like https://push.services.mozilla.com/ https://snippets.cdn.mozilla.net/ https://firefox.settings.services.mozilla.com/ This adds a lot of noise and confusion. Adding to the scope helps but what if the example.com call azure.com to do something it will get missed so you want to have a way to exclude sites as needed If would be nice if you have a context option that allows you exclude from the proxy anything that comes in that is from domain. The best way to describe it is to show you how owasp zap does it where you create a blacklist and it get deleted from the history. https://img.onl/2zGeV https://img.onl/lqXLMw once its included in the black list it gets removed from the history and the sitemap

Chris | Last updated: Nov 30, 2020 02:59PM UTC

I just use the "Show only in-scope items" filter in the Proxy. That way you don't risk losing anything, but you can also keep your view clean. If you exclude something from the proxy and later find out it's in scope, you've lost it. But by filtering the Proxy to in-scope only you can add it to the scope later to see it historically. For purely browser-related things like 'firefox.settings.services.mozilla.com', add an exclusion in your browser proxy configuration.

Uthman, PortSwigger Agent | Last updated: Nov 30, 2020 03:15PM UTC