Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Using Burp with Integrated Windows Auth

Mark H Nov 07, 2018 07:56PM UTC

I can't seem to get Burp to authenticate a target app that uses IWA (where you get no login prompt if already authenticated in AD). I've tried configuring both NTLMv1&2 in Platform Authentication, and tried the Kerberos Bapp plugin. If go direct to the app with a browser, it comes up fine, but when I insert Burp in the middle I keep getting auth challenges from the app and can never login. The NTLM negotiation WW-Authenticate header stuff all looks OK. but the web server keeps returning 401s. (IIS, http:// site)


Liam Tai-Hogan Nov 08, 2018 11:45AM UTC Support Center agent

Mark, could you send us your platform auth configuration settings? You can send any relevant information to support@portswigger.net.

Additionally, have you checked out this support page?

- https://support.portswigger.net/customer/portal/articles/2927576-configuring-ntlm-with-burp-suite


Mark H Nov 08, 2018 02:18PM UTC
I figured out the problem: For some odd reason, in this instance, a request to the host name by itself responds differently than a request to the FQDN, and when I changed the Platform Auth setting to hostname only, it started working.

Liam Tai-Hogan Nov 08, 2018 02:22PM UTC Support Center agent

Thanks for the update Mark.


Post Your public answer

Your name
Your email address
Answer