login

Burp Suite, the leading toolkit for web application security testing

URL-Matching Rules

URL-matching rules are used in various locations within Burp, to define URL-based scoping for various functions, such as general Target scope, the scope of individual functions like live scanning, URLs returning streaming responses, and the scope of session handling rules.

Each URL-matching rule can specify various features of the URLs that will be matched. For a URL to match the rule, it must match all of the features that are specified by the rule. The following items can be configured:

Often, the easiest way to create a URL-matching rule is to copy the relevant URL to the clipboard from elsewhere (either your browser or from a request within Burp), and click the "Paste URL" button on the URL-matching rule dialog. This will create a rule that matches this URL, and also any others that have this URL as a prefix (Burp places a wildcard at the end of the file expression). You can then manually edit the rule if required, to fine-tune the URLs that are matched.

You can also use the "Load ..." button to load a list of items from a text file. Each item in list should be either a URL or a hostname, and Burp will create an appropriate rule for each item.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Visit the Support Center ›

Wednesday, April 22, 2015

v1.6.17

This release contains a number of minor enhancements and bugfixes, including:

  • The Proxy now uses SHA256 to generate its CA and per-host certificates
  • There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
  • A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
  • A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.

See all release notes ›

Copyright © 2015 PortSwigger Ltd. All rights reserved.