Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Setting up Burp Pro to use PKI authentication

William | Last updated: Mar 26, 2021 10:17PM UTC

Greetings, I need to setup Burp Professional v 2021.2 to authenticate with a CAC card. I have looked at other peoples question about the same thing on your site and it looks like there is no definitive answer to the question posted. I have looked other places online for the answer and so far no luck. If there is an actual way to get the Burp Pro to do this please let me know what I need to do to set this up. In advance,thank you! Glenda Harris

Hannah, PortSwigger Agent | Last updated: Mar 29, 2021 10:15AM UTC

Hi Glenda

If you have a PKCS#11 certificate for your hardware token or smart card, you can upload it under "User options > TLS > Client TLS certificates > Add".

Have you tried using that setting?

William | Last updated: Mar 30, 2021 02:34PM UTC

Greetings, I have setup the PKCS#11 cert for the smart card on the User Options/TLS/Client TLS. I must be missing something else. When I access the application I am still being prompted for Username and Password. There must be some setting I am missing somewhere. Any ideas? In advance, thank you very much for your response. Glenda Harris

Hannah, PortSwigger Agent | Last updated: Mar 30, 2021 02:45PM UTC

Hi Glenda

If you have other specific platform authentication requirements then you can add these under "User options > Connections > Platform authentication".

You can use this to authenticate to a destination web server, using basic, NTLMv1 or NTLMv2 authentication.

William | Last updated: Mar 30, 2021 03:11PM UTC

Thanks Hannah for the hand holding. This is my first attempt at CAC auth using BURP. My next question is in the User Options/Connections/Platform Authentication section, because I want to authenticate with a CAC, what is the correct info to use for he username and password when I add the destination host information? Would the username be the CN in the CAC cert and the PW be the CAC PIN. I have been using BURP for many years now, love it, it is great, we are starting to put applications behind SSO and I am really having a hard time figuring it out. I appreciate your help very much. Thanks Glenda

Hannah, PortSwigger Agent | Last updated: Mar 31, 2021 09:34AM UTC