Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Skipping server side tests for .js and .css files

Jesse | Last updated: Jul 05, 2017 07:19PM UTC

How do I set the active scanner to skip server side tests for all .js and .css files? I currently have the following set with the scanner options tab and its not working: Skip server-side tests for: Parameter = URL path filename Item = Value Match Type = Matches Regex Matches Expression = (\.css|.\woff2|\.woff|\.png|\.jpg|\.ico|\.svg |\.js)

PortSwigger Agent | Last updated: Jul 06, 2017 07:32AM UTC

Hi Jesse, Thanks for getting in touch. How are you starting Active Scanner? If you select an item in Site map and choose Actively scan this branch, that launches the Active scanning wizard. There is an option there to Remove items with the following extensions. The option you mention in your message only skips individual parameters, not whole pages. Please let us know if you need any further assistance.

Burp User | Last updated: Dec 12, 2017 10:21AM UTC

Can you please answer his original question?

PortSwigger Agent | Last updated: Dec 12, 2017 10:25AM UTC

Hi John, Thanks for reaching out. The "Skip test for..." section in Scanner Options only skips particular parameters, not full requests. To skip whole requests, use the filter in Active Scanning Wizard - which appears if you right-click a host/branch in Site Map and choose Active Scan.

PortSwigger Agent | Last updated: Dec 12, 2017 10:27AM UTC

Hi John, Ok, you can control this using a custom scope. In Scanner > Live scanning > Live Active Scanning - select "Use custom scope" and enable advanced scope control. Add you target to "Include in scope" then add a rule to "Exclude from scope" that covers the extensions you don't want to scan. By the way, we weren't deliberately dodging the question. We'd asked some time ago how Jesse was launching scans, but neither him nor you answered that until now. Please let us know if you need any further assistance.

Burp User | Last updated: Dec 13, 2017 01:57AM UTC