Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Passing NTLM credentials not working

brandon | Last updated: Oct 26, 2021 11:55PM UTC

Hi, I am using the trial version BURP Pro 2021.9.1 and trying to test the vulnerability scanning. I am using the proxy and built in BURP browser to open up my web application. My web application uses Windows authentication. When I open the application under Chrome or IE (without any proxy), it authenticates the credentials properly and opens up the web application fine. However, when I use the built in BURP browser with the proxy, it does not authenticate the user. I also noticed that when I configured CHROME or IE to use the BURP proxy, it also fails to authenticate. It seems that when the BURP proxy is not used, it authenticates properly. However, when the BURP proxy is acting as the middle man for the browsers, it does not work. Do you know what is causing this? It's preventing me from doing a scan on the application. Thank you in advance.

Hannah, PortSwigger Agent | Last updated: Oct 28, 2021 09:49AM UTC

Hi Have you set up NTLM authentication on your Burp installation? You can find this option under "User options > Connections > Platform authentication > Add".

Illas | Last updated: Feb 16, 2022 03:31PM UTC

Hello Brandon, I resolved a similar issue by following the fix mentioned in this blog: https://san3ncrypt3d.com/2021/10/26/burp/.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.