Burp Suite User Forum

Problem with Digest authentication

Jonas | Last updated: Feb 18, 2016 08:58AM UTC

Hi, we have a web application which consists of both web pages without authentication and web pages that use Digest authentication. When we add the platform authentication credentials to Burp Suite, the Scanner test doesn't complete the testing of web pages not using Digest authentication. In the Scan queue tab the status ends up telling "abandoned - too many errors (XX% complete)". If we check the Alerts tab there are entries telling e.g. "[175] No digest challenge received from 192.168.1.11". Does Burp Suite only handle web applications that either use authentication on all web pages or no authentication at all, or is this a bug in the Burp Suite software? Thanks, Jonas.

PortSwigger Agent | Last updated: Feb 19, 2016 08:41AM UTC

Thanks for this report. This does look like a bug, in that Burp fails to make the request properly when the expected handshake is not received. We'll look into fixing this issue.

Burp User | Last updated: Jan 19, 2018 04:53PM UTC

Has this issue been addressed? It is now almost 2 years later...

PortSwigger Agent | Last updated: Jan 19, 2018 04:57PM UTC

Hi Rui, Thanks for getting in touch. This issue hasn't been resolved, although it remains on the long-term plan. We've not had the issue reported by other users, so we expect it is rare in practice. Are you encountering the same issue?

Liam, PortSwigger Agent | Last updated: Mar 08, 2018 04:35PM UTC

Vijayanathan, we're not aware of a workaround. This is still in our development backlog. Unfortunately, we can't provide an ETA.

Burp User | Last updated: Feb 04, 2019 06:49AM UTC

Hello there, we have a Digest authentication being used and experience the same issue mentioned above. If there is no immediate current fix available, is there any workaround to handle this? Thanks

Michelle, PortSwigger Agent | Last updated: Mar 09, 2020 01:45PM UTC

Hi, what version of Burp are you currently using? Could you tell us a bit more about the configuration you're using and the site you're trying to scan, please? If you'd prefer to share this information directly rather than via the forum, you can send it to support@portswigger.net.
