Burp Suite User Forum

Smart Card not working over Remote Desktop

Max | Last updated: Jan 19, 2017 05:13PM UTC

We use ActivClient on our local and remote machines for Smart Card authentication. This works fine with IE and Firefox, both local and remote. When Burp is run on the remote machine, it accepts the PIN code and appears to work, but never shows any certificates.

Technical details that may matter:

- Remote host is 32-bit
- Running jre1.8.0_112 using acpkcs211.dll as the library
- Local host is 64-bit

PortSwigger Agent | Last updated: Jan 20, 2017 04:17PM UTC

We're not quite clear on what your set-up is. When Burp is running on the remote machine, is the device physically connected to that machine, or is it being shared over RDP? Burp uses standard platform APIs for accessing smart cards, and if these aren't able to see/read the card from the remote machine, then there might not be anything that Burp can do.

Burp User | Last updated: Jan 31, 2017 02:25AM UTC

The smart card is on the local machine and shared over RDP. Other applications are able to read the smart card, such as Internet Explorer. It appears it may be an issue with the library that ActivClient is providing to Burp, but the lack of error messages makes it impossible to tell.
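Added example, not part of the thread and not PortSwigger code: a stand-alone Java 8 probe that loads the same PKCS#11 library outside Burp, so that any exception from the library or the token login is printed instead of swallowed. It assumes the "standard platform APIs" mentioned above are Java's SunPKCS11 provider; the class name `Pkcs11Probe` and the provider name `Probe` are made up for illustration, and the library path is passed on the command line.

```java
import java.io.File;
import java.io.PrintWriter;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Usage (Java 8 only): java Pkcs11Probe <full path to acpkcs211.dll>
public class Pkcs11Probe {
    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java Pkcs11Probe <pkcs11-library> (interactive console required)");
            System.exit(2);
        }
        // SunPKCS11 takes its settings from a config file; write a minimal one.
        File cfg = File.createTempFile("pkcs11-probe", ".cfg");
        cfg.deleteOnExit();
        try (PrintWriter w = new PrintWriter(cfg, "UTF-8")) {
            w.println("name = Probe");
            w.println("library = " + args[0]);
        }
        // Java 8 constructor SunPKCS11(String configFile), loaded reflectively so the
        // source compiles without referencing the internal package. Failures to parse
        // the config or load the DLL appear as the "Caused by" of the thrown exception.
        Provider p = (Provider) Class.forName("sun.security.pkcs11.SunPKCS11")
                .getConstructor(String.class).newInstance(cfg.getAbsolutePath());
        System.out.println("Provider loaded: " + p.getName());

        char[] pin = System.console().readPassword("PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);          // logs in to the token; a rejected PIN throws here
        Arrays.fill(pin, '\0');      // do not keep the PIN in memory longer than needed

        int entries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            entries++;
            System.out.println(alias + "  privateKey=" + ks.isKeyEntry(alias));
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  notAfter=" + x.getNotAfter());
            }
        }
        // 0 here with no exception reproduces the symptom: login succeeds, no certificates.
        System.out.println(entries + " entries visible to Java through this library");
    }
}
```

Run it with the same JRE that launches Burp, inside the RDP session, so the JVM bitness matches the DLL and the card is reached through the same redirection path.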

Burp User | Last updated: Jul 08, 2017 05:19AM UTC

What version of Windows are you running on your local/remote systems? What version of ActivClient are you running on your local/remote systems?

If you run the diagnostic utility, within ActivClient, and copy/paste the smart card info, under the smart card tab, both before and after the Burp authentication attempt, you can use Notepad++, or some other editor, to perform a diff. In doing so, you can see if the PIN, after being entered via the ActivClient prompt, is getting checked or otherwise. If the "PIN checked =" is set to anything else but YES, the PIN is not being checked properly.

ActivClient 6.x, both on Windows 7 and 10, can suppress password/credential prompts, especially on government websites.

Another thing to try: change the smart card PIN by using the ActivClient PIN change tool. It can be changed to the same PIN. ActivClient 6.x has a PIN cache flush issue. Just something to rule out in your situation.

Is the smart card a company smart card or DoD issued smart card, or a smart card issued by a third party security authority, e.g. IdenTrust?

When Burp is run on the remote system, natively, not via RDC/RDP, is authentication successful?
