Burp Suite Essentials
上QQ阅读APP看书,第一时间看更新

Multiple ways to add targets to the scope

Burp has a subtab called Scope under the Target tab. The most common way to add a target to Scope is to navigate to it using your browser, find it in the Site map subtab under the Target tab, right-click on it, and select Add to scope.

For example, if we have permission to test http://download.mozilla.org, and we want to add it to the scope, we do the following:

We can always edit the URL in the URL editor window if we need to tweak it a bit or if we made any mistakes and added something we shouldn't add. Have a look at the following screenshot:

Apart from adding the URL to the scope using the context menu, we can always paste the URL of the target as well. When we paste the URL, we can choose the protocol, host/IP, port, and filename.

Loading a list of targets from a file

Loading a list of targets from a file is the most sensible way of adding targets to the scope in Burp. In most security assessment scenarios, we are already aware of exact URLs for our targets. This allows us to build a target list, which can simply be loaded into the Scope section by clicking on the Load ... button. Have a look at the following screenshot:

Once clicked, the File Browser dialog window opens and we can choose our file. The links need to be one of each line and based on their protocol, port number, path, and so on. All the fields get set up automatically. The following screenshot contains a list of sample target URLs for illustration. Note that some of the URLs in the following screenshot may not exist in reality: