Proxy Scoping and Targetting

It can get extremely tedious having Burp capturing all of our traffic. When it logs everything (including traffic to sites we aren’t targeting), it muddies up logs we may later wish to send to clients. In short, allowing Burp to capture everything can quickly become a massive pain.

What’s the solution? Scoping.

Setting a scope for the project allows us to define what gets proxied and logged. We can restrict Burp Suite to only target the web application(s) that we want to test.
The easiest way to do this is by switching over to the “Target” tab, right-clicking our target from our list on the left, then choosing “Add To Scope”.
Burp will then ask us whether we want to stop logging anything which isn’t in scope – most of the time we want to choose “yes” here.

GIF showing the process described above

We just chose to disable logging for out of scope traffic, but the proxy will still be intercepting everything.

To turn this off, we need to go into the Proxy Options sub-tab and select “And URL Is in target scope” from the Intercept Client Requests section:

Screenshot circling the Intercept in Scope requests only setting

With this option selected, the proxy will completely ignore anything that isn’t in the scope, vastly cleaning up the traffic coming through Burp.