Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

NTLM Authentication

Michael | Last updated: Mar 13, 2015 02:57PM UTC

Hello, I am trying to access an internal application and conduct a scan. The application uses NTLMv1. When I attempt to use Platform Authentication in burp, it doesn't work. This morning I have gone so far as to clearing my cookie jar, all history in my browser and starting from the very beginning. Here is what I am doing: 1.) Open a new browser 2.) Open Burp Suite 3.) Attempt to access my application 4.) Fill in my login credentials and press enter 5.) Get redirected to a 401 page - Invalid Login Credentials I have attempted to use my networks proxy for internet access as an outgoing proxy (I can access internal applications without it) with no success. Thanks!

PortSwigger Agent | Last updated: Mar 13, 2015 03:21PM UTC

Thanks for your message. NTLM authentication can't be proxied via Burp, and you need to configure Burp with the credentials so that it can use them. You can configure these at Options / Connections / Platform authentication.

Liam, PortSwigger Agent | Last updated: Oct 18, 2015 10:15AM UTC

Hi Thanks for your message. Due to the nature of NTLM this can't be done with Burp Intruder. You could develop an extension to help you or use a specialized brute-forcing tool.

Burp User | Last updated: Mar 06, 2017 02:41PM UTC

how to use burp suite crack ntlm auth? i can crack basic but can not crack ntlm. thanks

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.