Adding redirects to target scope #27
Comments
This is by design, we don't want to add the root of the website to the scope. |
Do you know how/where? I have been trying several different things to no avail. Documentation on the JSON configuration is weak at best. Its not a problem in the GUI but when I copy the GUI config snippet into the working config it does not seem to override the api/SCAN defined scope. When I add it as another URL to scan I get 1 fail for out of scope and 1 that seems to work but that is less than ideal for reporting purposes. |
|
I don't have more insights unfortunately. Example: Tell me if it works. |
|
I am using burpa as a module, Burpa.scan() at least does not like the unexpected keyword "include_scope" Would you be opposed to a patch that allows someone to add to the scope? As I currently envision it, it would be similar to the "exclude" parameter in use. It seems to me that redirects are extremely common, though maybe that is my particular use case. Take the following: |
Then use
Since you use burpa as a library, you don't have to patch the code actually.
Yes indeed, but burp suite should be run on the actual target website. Same behaviour applies to wpscan: when it hit a redirect, it aborts the scan and ask the user to scan the actual URL. |
|
That was my first thought, and referenced in my first post. It does not work. I get an INFO message indicating it is added to the scope but then it gets overridden when the scan occurs and I get an "example.com is out of scope, no seed url" error. This is why I asked if you were opposed to a patch to make it work. Whether or not is gets used for this use case it allows the user to define the scope as they need. |
|
To be more clear with specifics: from burpa import Burpa api_url="127.0.0.1" b = Burpa(api_url="127.0.0.1", api_port=api_port, new_api_key=api_key, verbose=False, no_banner=True) INFO - Running Burp Suite version 2023.9.1 If I run where headless.mode=false I can get more information from BurpSuite and it tells me that example.com is not in the scope and that is the problem (see image).
If verbose=True I can see the following: D This leads me to believe that the include scope is being overridden for that scan, thus my offer to write a patch to resolve this. I really have not tried outside of this use case, which is the initial URL is a redirect to out of scope so I am uncertain whether this is the deciding factor in it being this way or not. Some applications set cookies then redirect to real content which complicates "just set it to the final destination" attempts. Whether or not those apps have good design, that does not negate their existence. |
|
Thanks for the detailed report. So this means that my initial code is faulty as well. And yes I'm open to review an PR to fix that and provide an explicit Thanks for your investigations. |
|
Hello @BretMcDanel, Are you still interested into working on this issue ? Thanks |
If I scan https://foo/bar/baz burpa will add https://foo/bar/ to the target scope. However, if the redirect is to https://foo/ this will be out of scope.
I did not see an easy way to update the target scope. The best I could find is using _ names (eg _api) to try to force it. This does not seem to be a good way to do this.
Is this a feature that needs to be added? If so I can do that, but if there is already a way (either with a JSON config or via a call) I would rather use that.
The text was updated successfully, but these errors were encountered: