The target scope settings can be found under the Target
| Scope
tab. This allows you to configure in-scope targets for the penetration test that you are currently executing.
Adding items to target scope allows you to affect the behavior of features throughout Burp. For example, you can do the following:
- You can set display filters to show only the items in scope. This is available under
Target
|Site map
and underProxy
|History,
and is very useful when dealing with applications that use code from a lot of third parties. - The
Spider
module is restricted to in-scope targets. - You can configure the proxy to intercept the requests and responses for only in-scope items.
- In the Professional version of Burp, you can even automatically initiate vulnerability scans of in-scope items.
There are essentially two ways of adding scope items. The first, and the recommended way, is to obtain targets from proxy history. For this to happen, the following approach is taken:
- Set up your browser and Burp to talk to each other.
- Turn off interception mode in Burp and browse the application.
Start with the home page and browse to every link; log in to authenticated areas and log out; submit every form; navigate to every single path that is listed in the robots.txt
, and to every single link in the application's sitemap (if available); and, if applicable, access the application as different users (either with the same or different privilege levels).
Doing this will populate the sitemap for the application as seen under the Target
|
tab, as shown in the following screenshot:Site
map
Once targets and URLs are populated in the Site map
tab, you can right-click on any item and add that item to scope. This can be done both via the Target
| Site map,
or via the Proxy
| History
tab.
The second method is to directly add items to the Target
| Scope
tab. Check the Use advanced scope control
to enable the older interface for scope addition, which allows far more granular control over the scope entries.
Let's take an example and create our scope for an imaginary penetration test. Let's assume the application in scope is at http://mutillidae-testing.cxm/
. Using the Target
| Scope
tab, we can add this and all future URLs from this application to the scope by setting the following:
Protocol
:HTTP
Host or IP range
:mutillidae-testing.cxm
Port
:^80$
File
:^*
This will add the application and any URLs on port 80
with the HTTP protocol to the scope.
You can also load a file containing a list of URLs that need to be in scope via the Load
button on the Target
| Scope
page. This list must be URLs/targets separated by newlines. Large files may take time to load and Burp may appear frozen for a while, but will resume working when the file has been loaded and parsed.