Comments (6)
Hey @asuspctow - Im quite confused.
Are you requesting a filter that called "Contain Link&Not Contain Link"? or you referring to an existing filter? because there is no such filter.
Or you talking about importing filters? you have regex filters that you can use it for multiple values.
Let me know what do you think
from autorize.
Hi @asuspctow
Yes, there is a way.
You can use the URL Not Contains (regex)
interception filter, and use pipe (|) in order to filter multiple endpoints on the same filter as the following value:
(/gateway/api/pubsub/subscribe|/rest/internal/latest/connect/data/dialog|/wiki/rest/jiraanywhere/1.0/servers|/gateway/api/emoji/|/rest/internal/2/log/unsafe/frontend-exception|/images/icons/priorities|/wiki/plugins/servlet/ac/css-style)
Let me know if this solve your need
from autorize.
Hi @Quitten,
thank you for your reply. I will explain to you the problem I encounter.
-
I work on a site that uses many different endpoints for the statistics and analysis process, and I need to add them to the exception filter each time, and I add each endpoint independently.
-
The site also fetches a lot of general information that I don't need to scan from dozens of different endpoints.
-
I also cannot use regex to exclude a group of endpoints because, for example, I need to exclude a group of endpoints on this path
/rest/api/2/*
and also at the same time I want to examine a group of endpoints on the same path/rest/api/2/
user, and their number is very large, which requires me to re-enter exceptions every time I run burp.
So I have a list of about 100 different endpoints
that I don't need to scan, and I would like a way to be provided that would allow me to import the endpoints that I want to exclude.
from autorize.
Got it, can you please give more concrete example? I wonder id this can be done via regex anyway.
And generally speaking you can use regex or statement
from autorize.
Hi @Quitten,
thank you for your reply. For example, I'm working on testing a product like Atlassian. The following endpoints and more of them I don't need to scan, so every time I run Burp
I need to add them to the filter one by one.
/wiki/plugins/servlet/gadgets/security-tokens
/ccollab/socket.io/
/gateway/api/watermelon/workspace/exists
/rest/internal/2/mauTag/core
/wiki/api/v2/editor/heartbeat/start
/wiki/plugins/macrobrowser/browse-macros.action
/wiki/rest/ia/1.0/link/batch
.
.
.
ETC
At the same time, these endpoints need to be visible and tested.
/gateway/api/pubsub/subscribe
/rest/internal/latest/connect/data/dialog
/wiki/rest/jiraanywhere/1.0/servers
/gateway/api/emoji/
/rest/internal/2/log/unsafe/frontend-exception
/images/icons/priorities
/wiki/plugins/servlet/ac/css-style
.
.
.
ETC
As you can see there is no specific pattern that I can use regex to filter, Therefore, I would like a way to be provided to import endpoints that I do not want to appear and have them automatically added to the filter.
Or if there is a way please let me know
from autorize.
Hi @Quitten
Thank you very much this works well. Have a happy work day. Thank you very much for the help.
Best,
from autorize.
Related Issues (20)
- Default filter HOT 1
- Exception “0d 0a” HOT 3
- Headers are case-sensitive HOT 1
- getMenuShortcutKeyMaskEx bug HOT 7
- Interception Filter based on Burp's listener port HOT 2
- Add parameter to query or body without removing headers HOT 1
- Send request to repeater HOT 4
- Autorize Showing Error HOT 1
- Changing light <> dark mode break Burp Suite HOT 2
- Manual Install Step 5 Error HOT 1
- Does not work - infinite loading. HOT 2
- Extraneous newline added when no temporary headers specified HOT 5
- Interception filter on HTTP headers HOT 1
- Autorize use
- Autorize use
- OWASP ZAP – Access Control Testing
- [feature request] ^R --> to repeater HOT 11
- Bug on "send_request_to_autorize" function HOT 1
- [Feature] Match Response Header in Interception Filters HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autorize.