Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

NTLM Authentication

Michael Vaden (CO) Mar 13, 2015 02:57PM UTC

Hello,

I am trying to access an internal application and conduct a scan. The application uses NTLMv1. When I attempt to use Platform Authentication in burp, it doesn't work.

This morning I have gone so far as to clearing my cookie jar, all history in my browser and starting from the very beginning. Here is what I am doing:

1.) Open a new browser
2.) Open Burp Suite
3.) Attempt to access my application
4.) Fill in my login credentials and press enter
5.) Get redirected to a 401 page - Invalid Login Credentials

I have attempted to use my networks proxy for internet access as an outgoing proxy (I can access internal applications without it) with no success.

Thanks!


Dafydd Stuttard Mar 13, 2015 03:21PM UTC Support Center agent

Thanks for your message. NTLM authentication can’t be proxied via Burp, and you need to configure Burp with the credentials so that it can use them. You can configure these at Options / Connections / Platform authentication.


any3ite Mar 06, 2017 02:41PM UTC
how to use burp suite crack ntlm auth?

i can crack basic but can not crack ntlm.

thanks

Liam Tai-Hogan Mar 07, 2017 04:42PM UTC Support Center agent

Hi

Thanks for your message.

Due to the nature of NTLM this can’t be done with Burp Intruder.

You could develop an extension to help you or use a specialized brute-forcing tool.


Post Your public answer

Your name
Your email address
Answer