# Client/Server Side Filter Bypass

If the website uses a filter for validation, we might be able to bypass it by disabling the filter. We can easily do that with Burp Suite's Intercept.

### 1. Disable Filter <a href="#id-1-disable-filter" id="id-1-disable-filter"></a>

#### Disable Client-Side (JS) Filter <a href="#disable-client-side-js-filter" id="disable-client-side-js-filter"></a>

1. In **Burp Suite**, go to **Proxy** tab and click **Options**.
2. Navigate to **Intercept Client Requests** section, then click on the top line (**File extension**...) then click **Edit**.
3. The popup will open.
4. In the popup, find and remove `|^js$` in **Match condition**, then save the filter.

#### Disable Server-Side Filter <a href="#disable-server-side-filter" id="disable-server-side-filter"></a>

1. In **Burp Suite**, go to **Proxy** tab and click **Options**.
2. Navigate to **Intercept Server Requests** section and check **Intercept responses based on...**.

### 2. Drop Filter <a href="#id-2-drop-filter" id="id-2-drop-filter"></a>

After setting up as above, we might be able to bypass filter by intercepting requests and drop the filter as the following actions.

1. Turn the intercept on.
2. On browser, press Ctrl+F5 (hard refresh) to reload the page.
3. If you found the filtering file (.js), drop it.