Bypass Client/Server Side Filter
If the website uses a filter for validation, we might be able to bypass it by disabling the filter. We can easily do that with Burp Suite's Intercept.
1. Disable Filter
Disable Client-Side (JS) Filter
- In Burp Suite, go to Proxy tab and click Options.
- Navigate to Intercept Client Requests section, then click on the top line (File extension...) then click Edit.
- The popup will open.
- In the popup, find and remove
|^js$
in Match condition, then save the filter.
Disable Server-Side Filter
- In Burp Suite, go to Proxy tab and click Options.
- Navigate to Intercept Server Requests section and check Intercept responses based on....
2. Drop Filter
After setting up as above, we might be able to bypass filter by intercepting requests and drop the filter as the following actions.
- Turn the intercept on.
- On browser, press Ctrl+F5 (hard refresh) to reload the page.
- If you found the filtering file (.js), drop it.