Scope

  • Last updated: January 29, 2024

The Target > Scope tab enables you to tell Burp Suite which hosts and URLs you want to test. This has a number of advantages. For example, you can:

URL-matching rules

Burp Suite uses URL-matching rules to determine whether a given URL is in scope. You have the following options for configuring these rules:

Normal scope control

Normal scope control enables you to quickly specify static prefixes for URLs that are in or out of scope. You can explicitly specify the protocol for each prefix. If you don't include the protocol, the rule applies to both HTTP and HTTPS.

The following are some examples of valid URL prefixes:

  • http://example.com/path
  • https://example.com/admin
  • example.com
  • example.com/myapp/
  • http://example.com:8080/login

Note

Wildcard expressions are not supported in URL prefixes for normal scope control. You can include all subdomains of a given host by selecting the Include subdomains checkbox. However, note that this is likely to significantly increase the scan duration.

Advanced scope control

Advanced scope control uses URL-matching rules rather than static prefixes. For a URL to match the rule, it must match all the specified features:

  • Protocol - The protocol that the rule must match: HTTP, HTTPS, or any.
  • Host or IP range - A regular expression to match the hostname, or an IP range. You can use various standard formats, for example 10.1.1.1/24 or 10.1.1-20.1-127. To match URLs that contain any host, leave this field blank.
  • Port - A regular expression to match one or more port numbers. Leave the field blank to match URLs that contain any port.
  • File - The file or path portion of the URL for the rule to match. Query strings are ignored. You can enter a regular expression to match the required range of URL files. To match URLs that contain any path or file, leave the file field blank.
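To make the four-field rule concrete, here is an added Python model of advanced scope matching; it is example code, not Burp's own implementation. It assumes that a host field made only of digits, dots, dashes and a slash is an IP range (CIDR or per-octet low-high) rather than a regex, that regexes match with search semantics, that a URL without an explicit port gets 80 or 443 filled in, and that include and exclude lists combine as Burp does (in scope if an include rule matches and no exclude rule does).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed heuristic: a host field made only of digits, dots, dashes and '/' is an IP range.
IP_RANGE = re.compile(r"^[0-9.\-/]+$")

def host_in_ip_range(host, spec):
    """Burp-style IP range: '10.1.1.1/24' (CIDR) or '10.1.1-20.1-127'
    (a low-high range per octet). Non-IP hosts never match."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return False
    if "/" in spec:
        return ip in ipaddress.IPv4Network(spec, strict=False)
    for octet, part in zip(str(ip).split("."), spec.split(".")):
        lo, _, hi = part.partition("-")
        if not int(lo) <= int(octet) <= int(hi or lo):
            return False
    return True

def url_matches_rule(url, rule):
    """rule = {'protocol': 'http'|'https'|'any', 'host': regex or IP range or '',
    'port': regex or '', 'file': regex or ''}. Every non-empty field must match;
    a blank field matches anything. Regexes use search semantics (assumed), so
    anchor them with ^ and $ for an exact match."""
    parts = urlsplit(url)  # the query string is discarded: only parts.path is checked
    if rule["protocol"] != "any" and parts.scheme != rule["protocol"]:
        return False
    host = parts.hostname or ""
    if rule["host"]:
        if IP_RANGE.match(rule["host"]):
            if not host_in_ip_range(host, rule["host"]):
                return False
        elif not re.search(rule["host"], host):
            return False
    # Default ports are filled in (assumed) so a port regex also matches 'https://host/'
    port = str(parts.port or {"http": 80, "https": 443}.get(parts.scheme, ""))
    if rule["port"] and not re.search(rule["port"], port):
        return False
    if rule["file"] and not re.search(rule["file"], parts.path):
        return False
    return True

def in_scope(url, include, exclude):
    """A URL is in scope when it matches an include rule and no exclude rule."""
    return any(url_matches_rule(url, r) for r in include) and not any(
        url_matches_rule(url, r) for r in exclude)
```

Unanchored regexes are the usual scope mistake: a host field of `example.com` also matches `example.com.attacker-controlled.test`, so anchor with `$` (or use a literal prefix under normal scope control) before relying on the scope for out-of-scope exclusion.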

To enable advanced scope control, select the Use advanced scope control checkbox. To create a new URL-matching rule, click Add and fill in the relevant fields manually.

Burp can also generate rules for you based on URLs that you provide. You have the following options:

  • Click Paste URL to use a URL from your clipboard.
  • Click Load to use a list of URLs or hostnames from a text file.
  • Right-click a request in one of Burp's tools and select Include in scope or Exclude from scope.

You can fine-tune each rule manually if required.

Note

Regex is not supported when loading port or file information from a text file.