Burp Suite User Forum

Same site, two different authentication methods (Basic first, then NTLM)

Dan | Last updated: May 06, 2016 08:04PM UTC

I'm testing an iOS application that connects to a site through an F5 BIG-IP proxy and I'm running into some interesting behavior. For the sake of example, let's call the site proxied.site.com. When you first connect to the site, you're redirected to the BIG-IP's proxied.site.com/my.policy page, which wants Basic WWW authentication. Once you're past that, it redirects you back to proxied.site.com/, where you now get a 401 Unauthorized and it demands you authenticate via NTLM. Burp doesn't really understand how to make heads or tails of this behavior and reliably log in. The quick-and-dirty workaround is to set up the NTLM part under "Platform Authentication" in Burp, log in to the app (and pass the Basic auth portion) off of Burp, *then* connect to Burp and let it handle the NTLM auth and keep rolling. Is there any way to get Burp to successfully handle the same website demanding two different forms of auth?

PortSwigger Agent | Last updated: May 09, 2016 07:43AM UTC

You should be able to proxy the Basic authentication part fine, so you can let your browser take care of that, so that Burp only needs to know about the NTLM authentication. However, there is currently a limitation in Burp's NTLM implementation in that it sometimes fails to connect if an expected NTLM handshake is not received. So, if that is causing a problem on the non-NTLM part of the sequence, you'll need to do what you are already doing to get things working.
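The two-stage sequence described in the question (Basic at /my.policy, then NTLM at /) and the answer's point about a client that only speaks one scheme getting stuck can be reproduced offline with a small mock. This is an added example, not code from the thread, Burp or F5; the credentials, the cookie name and the bare-bones NTLMSSP messages are constructed stand-ins, and the mock does no real NTLM validation.

```python
import base64

BASIC_USER, BASIC_PASS = "tester", "s3cret"  # constructed, not from the post
BASIC_HEADER = "Basic " + base64.b64encode(f"{BASIC_USER}:{BASIC_PASS}".encode()).decode()
SESSION_COOKIE = "session=constructed"  # stands in for the BIG-IP's own session cookie

def ntlm_type(auth):  # NTLMSSP message type (1, 2 or 3) in an 'NTLM <base64>' value, else None
    raw = base64.b64decode(auth[5:]) if auth and auth.startswith("NTLM ") else b""
    return int.from_bytes(raw[8:12], "little") if raw[:8] == b"NTLMSSP\x00" else None

def ntlm_msg(msg_type):  # minimal NTLMSSP message: signature + type only, enough for the mock
    return "NTLM " + base64.b64encode(b"NTLMSSP\x00" + msg_type.to_bytes(4, "little")).decode()

def mock_bigip(path, headers):
    """Server side of the sequence in the post: /my.policy wants Basic, / wants NTLM."""
    auth = headers.get("Authorization")
    if path == "/my.policy":
        if auth == BASIC_HEADER:
            return 302, {"Location": "/", "Set-Cookie": SESSION_COOKIE}
        return 401, {"WWW-Authenticate": 'Basic realm="proxied.site.com"'}
    if path == "/":
        if SESSION_COOKIE not in headers.get("Cookie", ""):
            return 302, {"Location": "/my.policy"}
        t = ntlm_type(auth)
        if t == 1:  # NEGOTIATE received, answer with a CHALLENGE
            return 401, {"WWW-Authenticate": ntlm_msg(2)}
        if t == 3:  # AUTHENTICATE received; the mock accepts it without checking
            return 200, {}
        return 401, {"WWW-Authenticate": "NTLM"}
    return 404, {}

def run_client(speaks_basic, speaks_ntlm, max_hops=10):
    """Walk the flow picking a scheme per WWW-Authenticate; returns (final status, path)."""
    path, cookie, auth = "/", "", None
    for _ in range(max_hops):
        status, resp = mock_bigip(path, {"Cookie": cookie, "Authorization": auth})
        if status == 302:
            cookie = resp.get("Set-Cookie", cookie)
            path, auth = resp["Location"], None
        elif status == 401:
            challenge = resp["WWW-Authenticate"]
            if challenge.startswith("Basic") and speaks_basic:
                auth = BASIC_HEADER
            elif challenge.startswith("NTLM") and speaks_ntlm:
                auth = ntlm_msg(3 if ntlm_type(challenge) == 2 else 1)
            else:
                return status, path  # no handler for this challenge: stuck, like Burp in the post
        else:
            return status, path
    raise RuntimeError("redirect/challenge loop")
```

A client handling both schemes reaches 200 at /; one that only speaks NTLM stalls with a 401 at /my.policy, which is the situation the workaround in the question routes around by completing the Basic step outside the proxy.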