Burp Suite User Forum

Create new post

NTLM authentication brute force

Axelia | Last updated: Mar 22, 2023 04:28PM UTC

I want to conduct a brute force attack on a NTLM app authentication login form. For some reason I a not intercepting the login requests. How do I intercept the login requests? I have noticed that when people ask similar questions, they are being redirect to this post, https://portswigger.net/support/configuring-ntlm-with-burp-suite. This is not what I want.

Michelle, PortSwigger Agent | Last updated: Mar 23, 2023 03:54PM UTC

Hi The credentials used for NTLM authentication are configured under Settings -> Network -> Connections -> Platform authentication. The messages containing these credentials are not intercepted by Burp Proxy. If you wanted to change the credentials sent with each request, you could potentially look at creating an extension to update these settings before each request to the website is sent.

Axelia | Last updated: Mar 24, 2023 03:55PM UTC

What do you mean creating an extension? Why Burp doesnt intercept these messages?

Michelle, PortSwigger Agent | Last updated: Mar 27, 2023 08:27AM UTC

Burp will only intercept HTTP/HTTPS messages. The NTLM password is not being sent by HTTP/HTTPS so needs to be changed in the settings, so to use a different password each time, the settings must be updated. This is normally a manual process, but you could potentially create an extension to automate changing this setting.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.