Introducing Intigriti Quick Scope

Setting up Burp Suite for a new bug bounty program is one of those tedious, recurring tasks every bug bounty hunter knows too well. Manually copying in-scope domains, adding out-of-scope rules, pasting mandatory request headers, and double-checking that you haven't missed an asset... all before you've even sent your first request.

We wanted to make that process significantly faster. That's why we're excited to introduce Intigriti Quick Scope (IQS), a brand new Burp Suite extension that auto-imports your target scope directly from the Intigriti Researcher API into your current Burp Suite project with a single click.

In this article, we'll walk you through what Intigriti Quick Scope is, the features it ships with, and how you can start using it on your next target.

Let's dive in!

Intigriti Quick Scope (IQS)

What is Intigriti Quick Scope?

Intigriti Quick Scope is a Burp Suite extension designed specifically for bug bounty hunters and security researchers like you. It leverages the official Intigriti Researcher API to pull your available program data and automatically configure your Burp Suite environment with the correct scope settings, including any required program request headers.

Practically, this means you no longer have to manually import in-scope and out-of-scope items, copy over mandatory headers, or cross-check rate limits. IQS handles it all for you, so you can focus on what actually matters: finding more vulnerabilities.

It's also fully compatible with both Burp Suite Community Edition (CE) and Professional, so no matter which edition you're running, you can take advantage of it.

Intigriti Quick Scope features

The new Intigriti Quick Scope extension comes with several features that help you save time while working with one of your favorite tools. Let's take a look at each one of them in detail!

1. Automated program scope configuration

Tired of having to import 10+ different scope items into your Burp Suite project scope settings manually? Intigriti Quick Scope fully automates this step by:

• Auto-applying in-scope and out-of-scope rules from your Intigriti bug bounty programs

• Optionally adding mandatory scope request headers, such as a User-Agent header or any other custom header required by the program

• Keeping you informed when the program enforces a rate limit or requires the use of your Intigriti.me email alias

From now on, you can setup your Burp Suite session for your target with a single click.

Using Intigriti Quick Scope (IQS)

2. Browse and filter bug bounty programs

Intigriti Quick Scope also allows you to quickly find the program you're looking for, directly from within Burp Suite. You can filter your available programs by status (active or inactive), confidentiality (public or invite-only), and follow state (programs you're actively following). This makes it significantly easier to switch between targets without ever having to leave your testing environment.

3. Inspect scope details before applying

Before importing anything, you can inspect an individual program's full scope configuration. Domains are organized into separate tabs based on their type; web (for web-based assets), others (for iOS, Android, source code repositories, and other non-web assets), and out of Scope (for assets explicitly marked as out-of-scope).

From there, you can either add individual selected domains to your Burp Suite scope, or apply the entire program's scope at once. If the program requires scope headers, your username will also be automatically inserted where needed.

Try Intigriti Quick Scope now

We've designed Intigriti Quick Scope to automate the tedious process of scope configuration, allowing you to focus on what matters most: finding more security vulnerabilities!

Whether you're an experienced bug bounty hunter or just starting your journey, Intigriti Quick Scope provides the tools you need to maximize your efficiency on every target.

Grab the latest release or clone and compile the extension yourself on our GitHub repository. We've also included detailed instruction guides to help you set it up in a few minutes.

FAQ

How do I obtain my Intigriti Researcher API token?

You can obtain your Intigriti Researcher API token directly from your Intigriti account settings, under the "API Tokens" section. We've also prepared a dedicated video guide on our channel that walks you through the process of generating your Personal Access Token (PAT) to use with Intigriti Quick Scope.

Can I use Intigriti Quick Scope for both my public and private bug bounty programs?

Yes, Intigriti Quick Scope works with both public and private bug bounty programs. The extension is designed to fetch and apply scope configurations from all program types available to you on Intigriti.

Help, I can't connect to the Intigriti Researcher API

If you're having trouble connecting to the Intigriti Researcher API, we recommend you first check your network connectivity. Additionally, verify that your Personal Access Token is still valid and hasn't expired.

If you're still experiencing issues, you are always welcome to create a new issue.

Does Intigriti Quick Scope work with Burp Suite Community Edition (CE)?

Yes, Intigriti Quick Scope is fully compatible with both Burp Suite Community Edition (CE) and Professional versions.

Is my Intigriti API key stored securely within the extension?

Yes, your API key is stored locally within your Burp Suite configuration and is never transmitted to any third parties beyond the official Intigriti Researcher API.

Can I contribute to the Quick Scope project?

Yes, we always welcome community contributions! Check our Intigriti GitHub repository for contribution guidelines and the latest open issues.