![](\"https:\/\/1.bp.blogspot.com\/-tEX9KCfWTTo\/XV0uHj_NztI\/AAAAAAAAGWE\/aOpVcVasJLE1qrpnrsmBvpojNKd4130vwCLcBGAs\/s1600\/Burp%2BScope%2BMonitor%2BExtension.gif\")
<\/a><\/div>\n- \n
- \n
- \n
- “Repeater request automatically marks as analyzed” – when issuing a request to an endpoint from repeater, it marks this request as analyzed automatically.<\/li>\n
- “Color request in Proxy tab” – this essentially applies the behavior of the extension in the Proxy tab, if you combine these options with “Show only highlighted items” in Proxy. However, it’s not as pleasant to the eyes as the color pallete is limited.<\/li>\n
- “Autosave periodically” – backups the state file every 10 minutes. When activating this option, consider disabling “Autostart Scope Monitor”. This is in order to maintain a different state file per Burp project. However, you can easily maintain only one, master state file.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- \n
- “Import\/Export” is dedicated to handle the saved state files. It’s preferred to open your Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries, you won’t be able to send them to Repeater or view the request itself in the Request\/Response viewer (this is due to the fact that we are not storing the actually requests – just the endpoint, it’s analyzed status and a couple of other more. This makes it a little bit more efficient). Burp Suite<\/li>\n<\/ul>\n
Future Development<\/h3>\n
- \n
- Keep track of parameters observed in all requests<\/li>\n
- Highlight when a new parameter was used in an already observed\/analyzed endpoint<\/li>\n
- Export to spreadsheet \/ Google Sheets<\/li>\n
- Adding notes to the endpoint, Burp Suite<\/li>\n<\/ul>\n
Implementation<\/h3>\n
The code is not yet performant, optimized or anything similar. KISS and it works. Performance will be increased depending on demand and how the extension performs when handling large Burp projects. Burp Suite<\/p>\n
To circumvent some of Burp’s Extender API limitations, some small hacks were implemented. One of those is automatically setting a comment on the requests that flow in the Proxy tab.<\/p>\n
You can still add comments on the items, as you’d normally would, but just make sure to keep the placeholder string (scope-monitor-placeholder) there.<\/p>\n
Hopefully in the future each requestResponse from Burp will have a unique identifier, which would make the import state \/ load from file much cleaner and fast. With large state files, this might hang a bit when loading.<\/p>\n
- “Import\/Export” is dedicated to handle the saved state files. It’s preferred to open your Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries, you won’t be able to send them to Repeater or view the request itself in the Request\/Response viewer (this is due to the fact that we are not storing the actually requests – just the endpoint, it’s analyzed status and a couple of other more. This makes it a little bit more efficient). Burp Suite<\/li>\n<\/ul>\n
\n
\n