Advice on Burp Proxy Scope When Manually Reviewing a Web App
Posted in BugBounty Discussion by @0xjdow




0xjdow

Researcher

A little while ago I was assessing a web app, and when it came time for manual enumeration (Burp on one monitor, Firefox on the other, exploring application functionality, etc..) I had limited my proxy history to in-scope items only (*.domain.com) and I wound up missing an obvious S3 bucket.

I've since added amazon to my scope when testing applications - but I wanted to see what other researchers are doing in terms of setting scope and limiting proxy history in the hopes of further improving my workflow.

Cheers!


Posted on 2019-01-08