Burp Suite User Forum

Show NTLM auth on requests

Maurizio | Last updated: Jan 19, 2017 10:08AM UTC

Currently, the NTLM authentication used in Burp is not shown in any request and cannot be tracked or checked in any way. A log should be useful to check if there are problems. Maurizio

PortSwigger Agent | Last updated: Jan 20, 2017 04:00PM UTC

NTLM involves a three-way handshake over a single TCP connection, so for each request that Burp needs to make, it is actually issued twice, each with a different authentication header. Unlike with Basic authentication, there isn't a single request that Burp could show that includes the authentication header. However, in principle we could provide some additional logging or diagnostics of the NTLM handshake. If enough users request this feature, we'll consider adding it.

Burp User | Last updated: Mar 30, 2017 04:47PM UTC

I know that the auth is different from the basic one, but in the current configuration you cannot identify what's wrong in the NTLM auth. Also, even with Burp logging enabled, the requests are not saved in the log, so debugging the auth is not possible. Currently I have an application running on NTLMv2 that cannot correctly accept Burp's authentication (under the Firefox browser it works well). Maurizio

Burp User | Last updated: Apr 30, 2017 03:49PM UTC

I think that I found what the problem is. Currently Burp doesn't use the signature feature on NTLMv2 authentication, so if the server checks the signature the request will not be valid. The only way that I found to get it working is to use Fiddler to do the authentication. Maurizio
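
Added example, not part of the thread and not Burp's or PortSwigger's code: a small decoder for the NTLM tokens carried in captured `Authorization` / `WWW-Authenticate` headers (for instance from a packet capture or another proxy's log), reporting the message type and negotiate flags so the handshakes of a working and a failing client can be compared. Flag values and field offsets follow MS-NLMP; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

# Subset of NegotiateFlags bits from MS-NLMP, enough to see whether signing is requested.
FLAGS = {
    0x00000001: "UNICODE",
    0x00000010: "SIGN",
    0x00000020: "SEAL",
    0x00000200: "NTLM",
    0x00008000: "ALWAYS_SIGN",
    0x00080000: "EXTENDED_SESSIONSECURITY",
    0x40000000: "KEY_EXCH",
}
# Byte offset of the NegotiateFlags field in each message type (MS-NLMP layout).
FLAG_OFFSET = {1: 12, 2: 20, 3: 60}
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def decode_ntlm_header(value):
    """Decode the value of an 'NTLM <base64>' header into type and flag names."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM header carrying a token")
    raw = base64.b64decode(token, validate=True)
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", raw, 8)
    off = FLAG_OFFSET.get(mtype)
    if off is None or len(raw) < off + 4:
        raise ValueError("unknown message type or truncated message")
    (bits,) = struct.unpack_from("<I", raw, off)
    return {"type": NAMES[mtype], "flags": sorted(n for b, n in FLAGS.items() if bits & b)}


def sample_header(mtype, bits):
    """Constructed sample token: signature, type, zero padding, then the flags field."""
    body = b"NTLMSSP\x00" + struct.pack("<I", mtype)
    body = body.ljust(FLAG_OFFSET[mtype], b"\x00") + struct.pack("<I", bits)
    return "NTLM " + base64.b64encode(body).decode()


def missing_flags(working_hdr, failing_hdr):
    """Flags present in the working client's message but absent from the failing one."""
    working = set(decode_ntlm_header(working_hdr)["flags"])
    failing = set(decode_ntlm_header(failing_hdr)["flags"])
    return sorted(working - failing)
```

Compare messages of the same type from each client, for example both Type 1 tokens or both Type 3 tokens.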
