The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Ignore similar entries during a scan

Reo | Last updated: Jan 21, 2021 02:48PM UTC

Hello, I would like to know if it's possible to set up a Burp (pro) scan without scanning similar entries multiple times. For example, in the case of an online dictionary, is it possible not to scan every entry that shares the same layout/has the same vulnerabilities? Because the scan takes some days to complete, whereas it could take a few minutes without scanning every similar entry. Let me know if I'm not clear enough, thank you.

Michelle, PortSwigger Agent | Last updated: Jan 22, 2021 09:19AM UTC

Thanks for your message. Could you provide some examples of the URLs so we can take a look?

Reo | Last updated: Jan 27, 2021 02:36PM UTC

Sure, there are a number of similar URLs like so:

https://www.macmillandictionary.com/dictionary/british/try_1
https://www.macmillandictionary.com/dictionary/british/run_1
https://www.macmillandictionary.com/dictionary/british/essay
https://www.macmillandictionary.com/dictionary/british/accomplishment

etc

Michelle, PortSwigger Agent | Last updated: Jan 28, 2021 09:48AM UTC

Thanks for the examples. When you set up the scan, if you enable Detailed scope configuration -> Use advanced scope control you can use regular expressions to exclude URLs. You're not limited to this, but as an example, you could decide to exclude some URLs from a certain section/path that begin with a specified range of letters:

Protocol: HTTPS
Host/IP range: ^mytestwebsite\.com$
Port: ^443$
File: ^/testpath/[c-f].*
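One way to dry-run an exclude rule like the one in the reply above against a URL list before starting a scan, as an added example that is not part of the thread and not PortSwigger's code. `ScopeRule` and `split_scope` are hypothetical names, search-style regex matching and matching File against the URL path only are assumptions about how the rule is applied, and `DICT_RULE` is a constructed variant for the dictionary URLs posted earlier.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass(frozen=True)
class ScopeRule:
    """Hypothetical model of one exclude row: Protocol, Host/IP range, Port, File."""
    protocol: str
    host: str
    port: str
    file: str

    def matches(self, url: str) -> bool:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if self.protocol.lower() not in ("any", scheme):
            return False
        port = parts.port or DEFAULT_PORTS.get(scheme, 0)
        fields = ((self.host, parts.hostname or ""),
                  (self.port, str(port)),
                  (self.file, parts.path or "/"))
        # Assumption: each regex is searched, not full-matched, so ^ and $ matter.
        return all(re.search(rx, val) for rx, val in fields if rx)

def split_scope(urls, exclude_rules):
    """Return (kept, excluded) for a candidate URL list."""
    kept, excluded = [], []
    for url in urls:
        (excluded if any(r.matches(url) for r in exclude_rules) else kept).append(url)
    return kept, excluded

# The rule from the reply above, verbatim.
POST_RULE = ScopeRule("HTTPS", r"^mytestwebsite\.com$", r"^443$", r"^/testpath/[c-f].*")

# Constructed variant for the dictionary URLs in this thread: drop every entry
# whose word starts with b-z, leaving the a-entries as the sample to scan.
DICT_RULE = ScopeRule("HTTPS", r"^www\.macmillandictionary\.com$", r"^443$",
                      r"^/dictionary/british/[b-z].*")
DICT_URLS = [
    "https://www.macmillandictionary.com/dictionary/british/try_1",
    "https://www.macmillandictionary.com/dictionary/british/run_1",
    "https://www.macmillandictionary.com/dictionary/british/essay",
    "https://www.macmillandictionary.com/dictionary/british/accomplishment",
]

if __name__ == "__main__":
    kept, excluded = split_scope(DICT_URLS, [DICT_RULE])
    print("kept:", kept, "\nexcluded:", excluded)
```

Under these assumptions, a host pattern anchored as `^mytestwebsite\.com$` does not match `www.mytestwebsite.com`, so the rule has to name the host exactly as it appears in the URLs.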

Reo | Last updated: Jan 29, 2021 03:52PM UTC

Hello Michelle, thanks for your reply. I did try to set up a scan using the advanced scope control with regex, however I'm constantly getting this "Some of the specified URLs to scan are out of scope" even when I use a simple regex. I tried different regexes and none worked. For example, if I want to scan this forum and exclude this specific page: https://ibb.co/t3BRtFK I don't understand why this is considered as out of scope by Burp. Could you tell me what I'm doing wrong there please? I'm using Burp pro 2020.12.1 btw.

Michelle, PortSwigger Agent | Last updated: Jan 29, 2021 03:56PM UTC

Can you email us some screenshots of your Scan Detail settings so we can see the URLs to scan and the sections you've filled in for the Advanced Scope Control, please? If you can send them over to support@portswigger.net we can take a closer look and see what we can do to help.

Reo | Last updated: Feb 01, 2021 03:45PM UTC