Burp Suite User Forum


Burp Suite Infinite Loop when Authenticating using an Authorization Header.

Michael | Last updated: Mar 13, 2022 01:21PM UTC

I'm trying to use Burp Suite to intercept traffic to a client's web application. When accessing the web application, I am prompted with a username and password popup (that uses the Authorization header), which gets intercepted by Burp. However, when forwarding the requests, it then prompts the username and password popup again. Even when turning off the intercept, I get the same response. If I turn off the proxy, then it goes through to the main dashboard with no problems. I've tried turning on the proxy after authenticating, but it reverts back to the login popup. I'm at a loss. This is the first time I've ever gotten a response like this. Any help is much appreciated.

Hannah, PortSwigger Agent | Last updated: Mar 14, 2022 08:49AM UTC

Hi, do you know the type of authentication that the web application is using? If it is using Basic or NTLM platform authentication, you can set this under "User options > Connections > Platform authentication". If it is using Digest or Kerberos authentication, there are some extensions in the BApp Store that can help you handle this behavior. If you'd like to add a specific cookie or parameter value, or run a macro for every request, you may want to have a look at session handling rules. These can be found under "Project options > Sessions". However, if you'd like to add a specific header to each request, you would need to use the extension "Add custom header" in the BApp Store.
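One way to answer the reply's first question, as an added example that is not part of the original thread: read the `WWW-Authenticate` challenge on the 401 response and map each offered scheme to the setting the reply names. The function names, the advice strings and the sample response are constructed for illustration, and treating `Negotiate` as the Kerberos case is an assumption.

```python
import re

# Where the reply above points for each scheme. Assumption (not from the thread):
# Kerberos is offered through the "Negotiate" scheme, which may also carry NTLM.
ADVICE = {
    "basic": "User options > Connections > Platform authentication",
    "ntlm": "User options > Connections > Platform authentication",
    "digest": "BApp Store extension for Digest",
    "negotiate": "BApp Store extension for Kerberos",
}
# Comma-separated list items; commas inside quoted strings do not split.
_ITEM = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# A scheme is a token NOT followed by "=" (token "=" value is a parameter).
_SCHEME = re.compile(r"^([A-Za-z0-9!#$%&'*+.^_`|~-]+)(?:\s+(?!=).*)?$", re.S)

def challenge_schemes(header_value):
    """Return the schemes offered in one WWW-Authenticate value, in order."""
    found = []
    for item in _ITEM.findall(header_value):
        m = _SCHEME.match(item.strip())
        if m:  # items like realm="..." belong to the previous challenge
            found.append(m.group(1).lower())
    return found

def triage(raw_response):
    """Pair each scheme in a raw 401 response with the setting from the reply."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    if not re.match(r"HTTP/\S+ 401\b", head[0]):
        return []
    result = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            result += [(s, ADVICE.get(s, "not covered in the reply"))
                       for s in challenge_schemes(value)]
    return result

# Constructed sample response, not captured from the poster's application.
SAMPLE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Digest realm="app, internal", qop="auth", nonce="abc"\r\n'
    "WWW-Authenticate: Negotiate, NTLM\r\n"
    'WWW-Authenticate: Basic realm="app"\r\n'
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for scheme, where in triage(SAMPLE):
        print(f"{scheme:<10} {where}")
```

Paste the raw 401 response from Burp's HTTP history in place of `SAMPLE` to triage a real challenge.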
