Enterprise Edition
Setting the site scope
-
Last updated: October 31, 2024
-
Read time: 2 Minutes
When scanning a web app, the site scope defines which URLs you want to scan, and which you don't want to scan. Burp Scanner only visits URLs that are in scope.
By default, Burp Suite Enterprise Edition automatically uses your Start URLs to derive the list of In-scope URL prefixes. For example:
-
If you add
ginandjuice.shop
as a start URL,ginandjuice.shop
is added to the list of in-scope url prefixes. -
If you add
ginandjuice.shop/catalog
(without/
at the end) as a start URL,ginandjuice.shop
is added to the list of in-scope url prefixes. -
If you add
ginandjuice.shop/catalog/
(with/
at the end) as a start URL,ginandjuice.shop/catalog/
is added to the list of in-scope url prefixes.
When you add a new web app site or edit an existing one, you can see the In-scope URL prefixes field being populated as you type the Start URLs. This helps you to see exactly how the scope is derived from your start URLs.
You can manually edit or add URL prefixes to modify your web app site's scope. For example, you can add URLs that are part of the same web application but not contained under the Start URLs.
You can also exclude URL prefixes that you don't want to scan. For example, you may want to exclude a section of your website that contains sensitive information.
Note
If you manually edit the In-scope URL prefixes, make sure that your Start URLs are included in this scope. If they're not, you won't be able to save the changes to your web app site.
To manually set the URL prefixes that are in scope:
- Add a new web app site, or edit an existing site.
- Under Site scope, select Detailed scope configuration.
- In the In-scope URL prefixes tab, select the Manually set in-scope prefixes tick box.
- Enter any additional addresses, or edit the existing ones.
To define URL prefixes that are out of scope:
- Add a new web app site, or edit an existing site.
- Under Site scope, select Detailed scope configuration.
- Select the Out-of-scope URL prefixes tab.
- Enter any addresses that you want to exclude from the site scope.