Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Show NTLM auth on requests

Maurizio | Last updated: Jan 19, 2017 10:08AM UTC

Currently NTLM authentication used in burp in not shown in any request and cannot be tracked/checked in anyway. A log should be usefull to check if there is problems. Maurizio

PortSwigger Agent | Last updated: Jan 20, 2017 04:00PM UTC

NTLM involves a three-way handshake over a single TCP connection, so for each request that Burp needs to make, it is actually issued twice, each with a different authentication header. Unlike with Basic authentication, there isn't a single request that Burp could show that includes the authentication header. However, in principle we could provide some additional logging or diagnostics of the NTLM handshake. If enough users request this feature, we'll consider adding it.

Burp User | Last updated: Mar 30, 2017 04:47PM UTC

I know that the auth is different from the basic one, but in the current configuration you cannot identify what's wrong in the NTLM auth. Also enabling burp logging the request are not saved on the log and a debugging of the auth is not possible. Currenly I got an application running on NTLMv2 that cannot get correctly the burp authentication (under firefox browser work well). Maurizio

Burp User | Last updated: Apr 30, 2017 03:49PM UTC