Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Using Burp with Integrated Windows Auth

Mark H Nov 07, 2018 07:56PM UTC

I can't seem to get Burp to authenticate a target app that uses IWA (where you get no login prompt if already authenticated in AD). I've tried configuring both NTLMv1&2 in Platform Authentication, and tried the Kerberos Bapp plugin. If go direct to the app with a browser, it comes up fine, but when I insert Burp in the middle I keep getting auth challenges from the app and can never login. The NTLM negotiation WW-Authenticate header stuff all looks OK. but the web server keeps returning 401s. (IIS, http:// site)

Liam Tai-Hogan Nov 08, 2018 11:45AM UTC Support Center agent

Mark, could you send us your platform auth configuration settings? You can send any relevant information to

Additionally, have you checked out this support page?


Mark H Nov 08, 2018 02:18PM UTC
I figured out the problem: For some odd reason, in this instance, a request to the host name by itself responds differently than a request to the FQDN, and when I changed the Platform Auth setting to hostname only, it started working.

Liam Tai-Hogan Nov 08, 2018 02:22PM UTC Support Center agent

Thanks for the update Mark.

Post Your public answer

Your name
Your email address