Using Burp with Integrated Windows Auth

Mark H Nov 07, 2018 07:56PM UTC

I can't seem to get Burp to authenticate a target app that uses IWA (where you get no login prompt if already authenticated in AD). I've tried configuring both NTLMv1&2 in Platform Authentication, and tried the Kerberos BApp plugin. If I go direct to the app with a browser, it comes up fine, but when I insert Burp in the middle I keep getting auth challenges from the app and can never log in. The NTLM negotiation WWW-Authenticate header stuff all looks OK, but the web server keeps returning 401s. (IIS, http:// site)


Liam Tai-Hogan Nov 08, 2018 11:45AM UTC Support Center agent

Mark, could you send us your platform auth configuration settings? You can send any relevant information to support@portswigger.net.

Additionally, have you checked out this support page?

- https://support.portswigger.net/customer/portal/articles/2927576-configuring-ntlm-with-burp-suite


Mark H Nov 08, 2018 02:18PM UTC

I figured out the problem: For some odd reason, in this instance, a request to the host name by itself responds differently than a request to the FQDN, and when I changed the Platform Auth setting to hostname only, it started working.

Liam Tai-Hogan Nov 08, 2018 02:22PM UTC Support Center agent

Thanks for the update Mark.

