- Open Burp Suite and go to the Target tab, then the Scope tab.
- Under “Include in scope”, click “Add” and enter the website you want to test.
- Under “Exclude from scope”, enter any website that you don’t want to test or intercept. For our project we don’t want to exclude anything, so leave it empty.
- Now go to the Site map tab.
By default, the site map also lists many other websites (subdomains of interest) that have been added for more tests. Which of these matter usually depends on the penetration testing scenario, and the extra entries can make our project a little more difficult to work with. Let’s filter out some of the links.
Click the marked area. The filter will be displayed, and here we can see the “Show only in-scope items” check box. Select it.
Now all the subdomains that we don’t want to test further will be hidden.
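The effect of the scope rules and the in-scope filter can be modelled in a few lines. This is an added example, not Burp Suite's own code: it assumes each rule is a scheme + host + path prefix, and the host names and rule lists are constructed for illustration.

```python
from urllib.parse import urlsplit

def _matches(url, rule):
    """True if url shares the rule's scheme, host and port and its path starts with the rule's path."""
    u, r = urlsplit(url), urlsplit(rule)
    return (u.scheme == r.scheme
            and u.hostname == r.hostname      # exact host: no look-alike suffixes
            and u.port == r.port
            and (u.path or "/").startswith(r.path or "/"))

def in_scope(url, include, exclude=()):
    """In scope = matches an include rule and no exclude rule (exclude wins)."""
    return (any(_matches(url, r) for r in include)
            and not any(_matches(url, r) for r in exclude))

def filter_site_map(urls, include, exclude=()):
    """Equivalent of ticking the in-scope filter on the site map."""
    return [u for u in urls if in_scope(u, include, exclude)]

# Constructed sample data (hypothetical hosts).
INCLUDE = ["https://shop.example.test/"]
EXCLUDE = []  # the tutorial leaves the exclude list empty
SITE_MAP = [
    "https://shop.example.test/training.php",
    "https://shop.example.test/admin/users.php",
    "https://cdn.example.test/lib.js",                    # other subdomain
    "https://shop.example.test.other.test/training.php",  # look-alike host
    "http://shop.example.test/training.php",              # different scheme
]

if __name__ == "__main__":
    for url in filter_site_map(SITE_MAP, INCLUDE, EXCLUDE):
        print("in scope:", url)
```

Comparing the parsed host exactly, rather than doing a plain string prefix match, keeps a look-alike host such as `shop.example.test.other.test` out of scope.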
The pages that we haven’t visited will be greyed out. The “Contents” section gives the entire site map; for example, if we visit the training page in the browser, we can see training.php become dark in Burp Suite.
That’s all for this tutorial. In the next tutorial we shall see how to crawl a website using Spider.