Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Project scope settings when launching scans using REST API

Paul | Last updated: Mar 28, 2023 10:40AM UTC

Hi, 1. Background. I am automating tasks with Burp Suite PRO and launching scans using REST API. 2. Problem. I am unable to exclude paths using "advanced scope". I am specifying URL to scan, and regex for paths to be excluded. Also, in scan configuration I am trying to enable option to drop the requests which are out of scope: "misc_insertion_point_options":{"drop_out_of_scope_requests": true}. * When launching scan (crawl and audit) BURP ignores exclusions. * But if I pause the scan and in BURP GUI Project Settings add the same regex and tick the "Drop out-of-scope requests "- then requests are dropped as expected. 3. Goal. For each site that I scan I would like to enable custom exclusion paths and activate option "Drop out-of-scope requests " using API. Question : is it possible when launching scan via REST API, pass Project settings the same way as BURP GUI , so that exclusion / dropping request options would be respected ?

Paul | Last updated: Mar 28, 2023 10:45AM UTC

For example, I would like to crawl and scan entire https://example.com website, however I would like to exclude https://example.com/info and https://example.com/contact-us

Michelle, PortSwigger Agent | Last updated: Mar 28, 2023 02:29PM UTC