Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

NTLMv2 Authentication Works for some Endpoint

Ali, | Last updated: Jun 08, 2022 11:35AM UTC

Hello Everyone, I know there is a lot of question about NTLM authentication of this forum. I have read each and everyone but I am facing some weird issues. So the application I am testing works with NTLM authentication and asks for your credentials as soon as you open the page. I tried platform authentication but that did not work (I kept getting 401s). I unchecked the option "Set close on incoming requests" and now the website functions properly. However, there is some endpoint that still shows 401 when I look in http history tab. Also even if the request shows 200, I am not seeing any NTLM headers in the request. Additionally, none of the requests works in the repeater tab. As recommended by someone in another post, I tried https://techblog.mediaservice.net/2017/05/fiddler-ntlm-authentication-when-burp-suite-fails/ as well. In this case, again the website functions fine but all I see in burp are 401 responses, but I can browse the site without any issues. I am using burp professional v2022.3.9 Can someone help me out with this issue Thanks

Hannah, PortSwigger Agent | Last updated: Jun 08, 2022 12:29PM UTC

Hi You mention that you are able to browse the site - is this using Burp's browser, a proxied browser or a regular browser? Have you tried disabling HTTP/2? You can find this option in the following places: - Proxy > Options > Proxy listeners > Edit > HTTP - Project options > HTTP > HTTP/2

Ali, | Last updated: Jun 08, 2022 01:47PM UTC

Hi By browser I meant proxied browser (browser proxied through burp) Btw the problem does not exist with zap proxy.... I will try disabling http/2 and let you know.. I have enabled both "Use HTTP/1.0 in request to server" and "Use HTTP/1.0 in request to client" Also, even though platform authentication is working fine (creds are fine and the browser does not ask for credentials with every request), browser does ask for credentials after few minutes (3-4 minutes).

Hannah, PortSwigger Agent | Last updated: Jun 08, 2022 02:28PM UTC

Hi Could you drop us an email at support@portswigger.net with some screenshots of your configured platform authentication?

Ali, | Last updated: Jun 09, 2022 12:08PM UTC

Sure thing I will

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.