The target scope configuration lets you tell Burp, at a suite-wide level, exactly what hosts and URLs constitute the target for your current work. You can think of the target scope as, roughly, the items that you are currently interested in and willing to attack.
This configuration affects the behavior of tools throughout the suite. For example:
- You can set display filters on the target site map and Proxy history to show only in-scope items.
- You can tell the Proxy to intercept only in-scope requests and responses.
- The Spider will only follow links that are in scope.
- Professional Edition With Burp Scanner, you can automatically initiate vulnerability scans of in-scope items.
- You can configure Intruder and Repeater to follow redirections to any in-scope URLs.
By telling Burp what your current target is, you can ensure that Burp carries out numerous such actions in an appropriate way, only targeting items that you are interested in and willing to attack. In all cases, you can additionally fine tune the target scope and the associated behavior at the level of individual tools, giving you fine-grained control over everything that Burp does, if you need it. However, the suite-wide scope definition provides a quick and easy way to tell Burp what is fair game and what is off limits, and is almost always worth configuring before you begin your work in earnest.
The scope definition uses two lists of URL-matching rules - an "include" list and an "exclude" list. When Burp evaluates a URL to decide if it is within the target scope, it will be deemed to be in scope if the URL matches at least one "include" rule and does not match any "exclude" rules. This enables you to define specific hosts and directories as being generally within scope, and yet exclude from that scope specific subdirectories or files (such as logout or administrative functions).
You can add or edit rules on the "include" and "exclude" lists using the URL-matching rule editor. However, in most cases, by far the easiest way to define your target scope is via the site map. As you map out the target application via Burp Proxy, the application's content will appear in the site map. You can then select one or more hosts and folders, and use the context menu to include or exclude these from the scope. This process is extremely easy and in most situations will let you quickly define all of the rules necessary for your testing.