Scanner and Javascript Controlled Logout Link

Ken | Last updated: Aug 11, 2023 01:10AM UTC

How do I exclude the logout functionality from my scan when the logout link looks like this? <a href='#'>Sign out</a> No link to the server, the logout is controlled by JavaScript. It is a SPA application built using React. Configuring an auto-login (so that the scanner logs itself back in after logging out) might be a way around this problem, but that is difficult in this case because of two-factor authentication.

Michelle, PortSwigger Agent | Last updated: Aug 11, 2023 12:03PM UTC

Hi, are you able to identify which requests are sent when the 'Sign out' link is clicked? If so, you could potentially use the 'Out-of-scope request handling' under Settings > Project > Scope to drop the requests. If there's any information you'd prefer to share directly, either regarding the sign out links or the type of 2FA your site uses, feel free to email support@portswigger.net.

Ken | Last updated: Aug 12, 2023 04:13AM UTC

Good idea, I'll scope that out. Thanks for the suggestion.

