Kerberos integration strikes back

Adrian | Last updated: Apr 18, 2021 07:28AM UTC

The large majority of our applications are fully integrated with AD Kerberos; this means that currently no workable method exists to allow us to use Burp for any tests of our internal applications, which is proving to be an industrial-scale problem. We were intending to integrate Burp into our DevSecOps platform. This must be a very widespread issue for your Enterprise customers. We are advanced long-term Burp users and have tried every possible technical implementation short of chaining other proxies such as Fiddler, which is far from ideal.

Michelle, PortSwigger Agent | Last updated: Apr 19, 2021 11:47AM UTC

Thanks for the feedback, we will pass this back to the team. I know your aim is to use Burp Suite Enterprise for this task but, if using Burp Suite Professional to perform the scan, were you able to use the Kerberos Authentication BApp to extend Burp's capabilities?

