Bypass Client/Server Side Filter

If a website relies on a filter for validation, we may be able to bypass it by disabling the filter. This is easy to do with Burp Suite's Intercept feature.

1. Disable Filter

Disable Client-Side (JS) Filter

  1. In Burp Suite, go to the Proxy tab and click Options.
  2. Navigate to the Intercept Client Requests section, select the top line (File extension...), then click Edit.
  3. A popup opens.
  4. In the popup, find and remove |^js$ from the Match condition, then save the filter. Requests for .js files are then no longer excluded from interception.

Disable Server-Side Filter

  1. In Burp Suite, go to the Proxy tab and click Options.
  2. Navigate to the Intercept Server Requests section and check Intercept responses based on....


2. Drop Filter

With the settings above in place, we may be able to bypass the filter by intercepting requests and dropping the filter, as follows.

  1. Turn Intercept on.
  2. In the browser, press Ctrl+F5 (hard refresh) to reload the page.
  3. If you find the filtering file (.js), drop it.
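
Dropping the script only removes the browser's copy of the check, so the server has to enforce the rule itself on every request. The following is an added example, not part of the original page: a server-side check for a constructed upload form, where the form, the function name validateUpload and the allow-list are all assumptions.

```javascript
'use strict';

// Hypothetical allow-list for a constructed upload form: extension -> leading bytes.
const ALLOWED_TYPES = new Map([
  ['png', Buffer.from([0x89, 0x50, 0x4e, 0x47])],
  ['jpg', Buffer.from([0xff, 0xd8, 0xff])],
]);
const MAX_BYTES = 1024 * 1024;

// Runs on the server for every request, whether or not the browser ran its filter.
function validateUpload(filename, body) {
  if (typeof filename !== 'string' || !Buffer.isBuffer(body)) {
    return { ok: false, errors: ['malformed request'] };
  }
  const errors = [];
  // One base name and one extension: no path separators, no extra dots.
  if (!/^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}$/.test(filename)) {
    errors.push('filename not in expected form');
  }
  const ext = filename.split('.').pop().toLowerCase();
  const magic = ALLOWED_TYPES.get(ext);
  if (!magic) {
    errors.push('extension not allowed');
  } else if (!body.subarray(0, magic.length).equals(magic)) {
    // The extension alone is client-supplied, so check the content too.
    errors.push('content does not match extension');
  }
  if (body.length > MAX_BYTES) errors.push('file too large');
  return { ok: errors.length === 0, errors };
}

// Constructed sample requests (not captured traffic).
const pngBody = Buffer.concat([Buffer.from([0x89, 0x50, 0x4e, 0x47]), Buffer.alloc(16)]);
const samples = [
  ['avatar.png', pngBody],                    // what the browser filter would allow
  ['notes.txt', Buffer.from('plain text')],   // sent with the browser filter removed
  ['avatar.png', Buffer.from('plain text')],  // allowed name, mismatched content
];
for (const [name, body] of samples) {
  console.log(name, JSON.stringify(validateUpload(name, body)));
}
```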