Interception Filters feature about autorize HOT 6 CLOSED

Hey @asuspctow - Im quite confused.
Are you requesting a filter that called "Contain Link&Not Contain Link"? or you referring to an existing filter? because there is no such filter.
Or you talking about importing filters? you have regex filters that you can use it for multiple values.
Let me know what do you think

from autorize.

Hi @asuspctow
Yes, there is a way.
You can use the URL Not Contains (regex) interception filter, and use pipe (|) in order to filter multiple endpoints on the same filter as the following value:

(/gateway/api/pubsub/subscribe|/rest/internal/latest/connect/data/dialog|/wiki/rest/jiraanywhere/1.0/servers|/gateway/api/emoji/|/rest/internal/2/log/unsafe/frontend-exception|/images/icons/priorities|/wiki/plugins/servlet/ac/css-style)

Let me know if this solve your need

from autorize.

Hi @Quitten,

thank you for your reply. I will explain to you the problem I encounter.

• I work on a site that uses many different endpoints for the statistics and analysis process, and I need to add them to the exception filter each time, and I add each endpoint independently.

• The site also fetches a lot of general information that I don't need to scan from dozens of different endpoints.

• I also cannot use regex to exclude a group of endpoints because, for example, I need to exclude a group of endpoints on this path /rest/api/2/* and also at the same time I want to examine a group of endpoints on the same path /rest/api/2/ user, and their number is very large, which requires me to re-enter exceptions every time I run burp.

So I have a list of about 100 different endpoints that I don't need to scan, and I would like a way to be provided that would allow me to import the endpoints that I want to exclude.

from autorize.

Got it, can you please give more concrete example? I wonder id this can be done via regex anyway.
And generally speaking you can use regex or statement

from autorize.

Hi @Quitten,

thank you for your reply. For example, I'm working on testing a product like Atlassian. The following endpoints and more of them I don't need to scan, so every time I run Burp I need to add them to the filter one by one.

/wiki/plugins/servlet/gadgets/security-tokens
/ccollab/socket.io/
/gateway/api/watermelon/workspace/exists
/rest/internal/2/mauTag/core
/wiki/api/v2/editor/heartbeat/start
/wiki/plugins/macrobrowser/browse-macros.action
/wiki/rest/ia/1.0/link/batch
.
.
.
ETC

At the same time, these endpoints need to be visible and tested.

/gateway/api/pubsub/subscribe
/rest/internal/latest/connect/data/dialog
/wiki/rest/jiraanywhere/1.0/servers
/gateway/api/emoji/
/rest/internal/2/log/unsafe/frontend-exception
/images/icons/priorities
/wiki/plugins/servlet/ac/css-style
.
.
.
ETC

As you can see there is no specific pattern that I can use regex to filter, Therefore, I would like a way to be provided to import endpoints that I do not want to appear and have them automatically added to the filter.

Or if there is a way please let me know

from autorize.

Hi @Quitten

Thank you very much this works well. Have a happy work day. Thank you very much for the help.

Best,

from autorize.