Creating target scopes in Burp Suite

The target scope settings can be found under the Target | Scope tab. This allows you to configure in-scope targets for the penetration test that you are currently executing.

Adding items to target scope allows you to affect the behavior of features throughout Burp. For example, you can do the following:

• You can set display filters to show only the items in scope. This is available under Target | Site map and under Proxy | History, and is very useful when dealing with applications that use code from a lot of third parties.
• The Spider module is restricted to in-scope targets.
• You can configure the proxy to intercept the requests and responses for only in-scope items.
• In the Professional version of Burp, you can even automatically initiate vulnerability scans of in-scope items.

There are essentially two ways of adding scope items. The first, and the recommended way, is to obtain targets from proxy history. For this to happen, the following approach is taken:

1. Set up your browser and Burp to talk to each other.
2. Turn off interception mode in Burp and browse the application.

Start with the home page and browse to every link; log in to authenticated areas and log out; submit every form; navigate to every single path that is listed in the robots.txt, and to every single link in the application's sitemap (if available); and, if applicable, access the application as different users (either with the same or different privilege levels).

Doing this will populate the sitemap for the application as seen under the Target | Site map tab, as shown in the following screenshot:

Once targets and URLs are populated in the Site map tab, you can right-click on any item and add that item to scope. This can be done both via the Target | Site map, or via the Proxy | History tab.

The second method is to directly add items to the Target | Scope tab. Check the Use advanced scope control to enable the older interface for scope addition, which allows far more granular control over the scope entries.

Let's take an example and create our scope for an imaginary penetration test. Let's assume the application in scope is at http://mutillidae-testing.cxm/. Using the Target | Scope tab, we can add this and all future URLs from this application to the scope by setting the following:

• Protocol: HTTP
• Host or IP range: mutillidae-testing.cxm
• Port: ^80$
• File: ^*

This will add the application and any URLs on port 80 with the HTTP protocol to the scope.

You can also load a file containing a list of URLs that need to be in scope via the Load button on the Target | Scope page. This list must be URLs/targets separated by newlines. Large files may take time to load and Burp may appear frozen for a while, but will resume working when the file has been loaded and parsed.