Burp Suite User Forum


NTLM Authentication Issues in 1.7.33

Zach | Last updated: Apr 23, 2018 03:13PM UTC

Our Red Team discovered a bug in webapps that utilize NTLM authentication. The NTLM auth requests were not being properly sent from Burp Suite 1.7.33 and access was consistently denied with working credentials. Taking Burp out of the chain resulted in successful authentication in Chrome, Explorer, or Firefox. The NTLM authentication was found to be working with ZAP as the intercepting proxy too.

PortSwigger Agent | Last updated: Apr 23, 2018 03:27PM UTC

Hi Zach, thanks for reporting this. We're aware that the way we build the NTLM authentication packets no longer precisely matches common browsers and some servers now reject this. You may find this blog explanatory: https://techblog.mediaservice.net/2017/05/fiddler-ntlm-authentication-when-burp-suite-fails/

We are going to look at this, although unfortunately there are a number of other items ahead in the backlog. We'll let you know when we make progress.

Burp User | Last updated: Oct 16, 2018 02:07PM UTC

Just ran into this problem yesterday using 33. 37 and the 2.0 beta both seem to act appropriately with NTLM now.

Liam, PortSwigger Agent | Last updated: Oct 16, 2018 02:10PM UTC

Thanks for the update Matt.

Burp User | Last updated: Jun 12, 2019 04:43AM UTC

Same issue here with latest stable 1.7.37. I can't use Burp Pro to test a SharePoint site. ZAP works but Burp doesn't. Works without Burp in IE, Edge, Firefox, Chrome. Burp seems to be breaking the NTLMv2 auth even with correct creds. Toggling Burp proxy on and off, I can see SharePoint throwing 403 errors: "The security validation for this page is invalid and might be corrupted."

Liam, PortSwigger Agent | Last updated: Jun 12, 2019 07:40AM UTC

We still have this logged in our development backlog. Unfortunately, we can't provide an ETA.

Burp User | Last updated: Sep 02, 2019 02:37PM UTC

I have the same issue. ZAP works well, but Burp Pro is not working: https://support.portswigger.net/customer/portal/private/cases/321995

Rose, PortSwigger Agent | Last updated: Sep 03, 2019 07:44AM UTC

Thanks for your message. Which version of Burp are you using? Have you set up NTLM authentication through Burp? https://portswigger.net/burp/documentation/desktop/options/connections#platformauth

If you have and you're still struggling, please could you send an email containing a screenshot of your Dashboard > Event log and a screenshot of the configured settings in either Project options/User options > Connections > Platform Authentication to support@portswigger.net?
