Burp Suite User Forum

Create new post

Scan Audit & Crawling do not support TLS client certificate authentication

Clément | Last updated: Jun 20, 2023 08:58AM UTC

Hello, I've searched quite a bit, and it seems to me that it's not possible to use the Scanning and Crawl functionality on a website that requires Client TLS certificate authentication. When I try to scan audit/crawl the website answer with the authentication page. I've been able to configure a client TLS certificate in the Network setting and use other Burp functionalities without issues. I'm not sure if it's a bug or a feature request or if I'm missing something. Thanks.

Dominyque, PortSwigger Agent | Last updated: Jun 20, 2023 01:29PM UTC

Hi You should be able to scan these websites by configuring the certificate. In Burp, you can configure client certificates under the User options -> TLS -> Client TLS Certificates section. There is more information on how this works below: https://portswigger.net/burp/documentation/desktop/options/tls#client-tls-certificates If you are still encountering problems, please email support@portswigger.net

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.