

Rescope is a tool I wrote that lets you quickly define scopes in Burp/ZAP - intended for bugbounty hunters and pentesters alike who deal with large, complicated scopes. Rather than repeating what is already detailed in the README, I’ll instead focus this post on why I felt the need to write this tool to begin with. Keep in mind that these are just my personal views based on experience working with both programs.

Adding scopes is done in mainly two ways:

1. Directly, as a regex. With Burp you also have the option to add them directly as is, which is great when you just want to add something simple.
2. From the sitemap / proxy history, granted that traffic towards the target has passed through the proxy. Otherwise there is no way to select anything, as nothing has been indexed. This is by far the most effective and thus the preferred approach.

For the most part, either way will do just fine. That is, when you have a scope that is simple and small-ish in size. On the contrary, when the scope has intricacies and is larger in size, that is when you start to question the effectiveness of the approach. Not that adding them is very difficult, but depending on the scope this process can feel repetitive and frustrating to do, which usually ends up taking more time than most like to admit. Besides, there’s always a risk of messing things up, leaving you with an incorrectly defined scope which may snowball into a huge time waster in the future, chasing boogie monsters. Add some bad luck to that and the boogie man may even come knocking on your door.

If you’ve never had to deal with scopes then take a look at some of the bigger bugbounty programs over at Bugcrowd and HackerOne. Take Spotify for instance, which has explicitly listed 150 domains aside from those in the main scope. It’s not like you can import a list of domains to either program. But how about CIDR? Nope, it’s not possible to add CIDR in either Burp or ZAP. For that you must first convert the notations to IP ranges, which can be added without any fuss. Though, this is not something you’ll encounter very often so it’s not a big deal. What you will encounter often, however, is wildcards and other notations that target a specific range or certain components of a URI. For those we are left with option 1, as pre-indexing is not an option, meaning that regex is the only viable option left. This step must be repeated for every item in the list, which is just annoying when you have a large scope. There’s more to be said here, like the impossibility of adding targets directly from the sitemap/history to the “out-of-scope” list so that they get excluded.
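The conversion work described above (CIDR to start-end IP ranges, wildcard hosts and URIs to anchored regexes) as an added example written for this post, not Rescope’s own code. The scope list is constructed, and the regex shapes are my assumption about what Burp’s advanced scope control and ZAP’s context patterns will accept.

```python
import ipaddress
import re

# Constructed sample scope, in the shape a bounty program might publish it:
# plain host, subdomain wildcard, path wildcard, CIDR block, single IP.
SCOPE = [
    "api.example.com",
    "*.example.com",
    "https://shop.example.com/checkout/*",
    "10.0.0.0/30",
    "192.168.1.5",
]

def wildcard_host_regex(host):
    """Anchored host regex for a hostname with whole-label '*' wildcards.
    A leading '*.' matches one or more subdomain labels (not the apex);
    a '*' elsewhere matches exactly one label. The anchors are what keep
    'example.com.attacker.test' from matching."""
    labels = host.lower().split(".")
    prefix = ""
    if labels[0] == "*":
        prefix, labels = r"(?:[^.]+\.)+", labels[1:]
    body = r"\.".join(r"[^.]+" if l == "*" else re.escape(l) for l in labels)
    return "^" + prefix + body + "$"

def wildcard_url_regex(url):
    """Anchored URL regex in which each '*' matches any run of characters."""
    return "^" + ".*".join(re.escape(p) for p in url.split("*")) + "$"

def cidr_to_range(entry):
    """(first, last) address of a CIDR block or single IP, else None.
    Neither Burp nor ZAP takes CIDR, but both take a start-end IP range."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None
    return str(net[0]), str(net[-1])

def convert_scope(entries):
    """Map each scope entry to (kind, original, value) ready for pasting."""
    out = []
    for e in entries:
        rng = cidr_to_range(e)
        if rng:
            out.append(("iprange", e, f"{rng[0]}-{rng[1]}"))
        elif "://" in e:
            out.append(("url_regex", e, wildcard_url_regex(e)))
        else:
            out.append(("host_regex", e, wildcard_host_regex(e)))
    return out
```

Running `convert_scope(SCOPE)` yields one entry per scope item; the host and URL regexes go into the regex scope fields, the IP ranges into the range fields.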
