This repository contains a curated list of domains commonly used for tracking, analytics, advertisements, and other noise-generating services. Adding these domains to Burp Suite's TLS Passthrough settings helps reduce unnecessary traffic and noise in proxy logs during security assessments.
Note: While most of these domains are associated with Google services (e.g., tracking, analytics, ads), they are excluded from interception by default in this list. However, if you are testing Google services directly, you may need to adjust this list to avoid excluding relevant traffic.
- Clone this repository or download the
tls_passthrough_domains.jsonfile directly.
# Clone the repository
git clone https://github.com/yourusername/tls-passthrough-domains.git
# Navigate to the directory
cd tls-passthrough-domains- Open Burp Suite.
- Navigate to Proxy > Options > TLS Pass Through.
- Click on ⚙ > Load Settings.
- Import the
tls_passthrough_domains.jsonfile or manually add the domains listed in the file.
- Begin your assessment with cleaner proxy logs, focusing on the target domains without interference from noise generated by analytics and advertisement services.
If you are testing Google services (e.g., Gmail, Google Analytics, Ads), some of the domains in this list might exclude relevant traffic from interception. In such cases:
- Temporarily remove Google-related domains from the passthrough list.
- Use Burp Suite’s filters to focus only on the relevant traffic.
We aim to keep the file updated regularly and are open to feedback from the community. If you come across additional domains that generate unnecessary noise or if you notice any domains missing from the list, feel free to contribute:
- Fork the repository.
- Add the domains to
tls_passthrough_domains.json. - Submit a pull request.
This project is licensed under the MIT License.
Happy Testing!