Burp Suite User Forum


Logon to a website behind an Incapsula firewall

Rui | Last updated: Sep 01, 2018 12:00AM UTC

Hello, I am testing a website behind an Incapsula firewall. I can log in to the website if I am not accessing it through Burp Proxy. If I try to log on through Burp (i.e. I enter the userid and password in the logon form and submit), the site responds with an HTTP 401 error code and prompts for a host-based logon. I have disabled Burp Collaborator and the Collaborator extension, since these were listed as potential issues on another ticket. But that does not fix the problem. Any idea what can be done to fix this?

PortSwigger Agent | Last updated: Sep 03, 2018 02:00PM UTC

There are a couple of causes of this behavior I can think of. If you're able to talk to the firewall administrator you may be able to identify which:

1) The website or firewall uses Windows NTLM authentication. Even though there is a login form, the website may be using your Windows credentials to control access. In this case, configuring those credentials in Burp may resolve this. Look in User options > Connections > Platform Authentication. You probably want NTLM v2, and be aware that the domain field refers to the Windows domain, not the DNS domain.

2) The firewall is configured to identify and block tools like Burp. In this case, the best option is to ask the administrator to add your IP address to a white list. Otherwise, you may have some luck altering the options in Proxy > Options > Miscellaneous. For example, disabling "Set connection-close on incoming requests" may help.
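An added example, not part of the forum thread: one way to check whether the 401 is a platform-authentication challenge is to read the `WWW-Authenticate` headers of the response, since NTLM and Negotiate are the schemes used for Windows integrated authentication over HTTP. The function names and the sample responses below are constructed for illustration; paste in the raw 401 response from your own proxy history.

```python
import re

TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"   # HTTP token characters
PLATFORM_SCHEMES = {"ntlm", "negotiate"}   # Windows integrated auth schemes

# Constructed sample of a raw 401 response head (not taken from the thread).
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="intranet"\r\n'
    "Content-Length: 0\r\n\r\n"
)

def parse_response_head(raw):
    """Return (status_code, [(header_name, header_value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines[1:] if ":" in ln]
    return status, headers

def offered_schemes(raw):
    """List the auth schemes challenged in WWW-Authenticate, in order."""
    schemes = []
    for name, value in parse_response_head(raw)[1]:
        if name.lower() != "www-authenticate":
            continue
        # Split on commas that are outside quoted strings.
        for piece in re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', value):
            piece = piece.strip()
            # "name=value" pieces are parameters of the previous challenge.
            if not piece or re.match(TOKEN + r"\s*=", piece):
                continue
            schemes.append(re.match(TOKEN, piece).group(0))
    return schemes

def diagnose(raw):
    """Summarise whether the 401 asks for NTLM/Negotiate credentials."""
    status, _ = parse_response_head(raw)
    schemes = offered_schemes(raw)
    platform = status == 401 and any(s.lower() in PLATFORM_SCHEMES for s in schemes)
    return {"status": status, "schemes": schemes, "platform_auth": platform}

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE))
```

If `platform_auth` is true, the credentials belong in the Platform Authentication settings mentioned in the reply above.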
