Burp Suite User Forum

Login to post

Using CAC to authenticate for scan

Brody | Last updated: Jan 15, 2020 09:58PM UTC

Hello all, I am trying to configure my burp suite professional tool to be able to scan URL’s that require cac authentication to the website. I have the PKCS11 set up and am able to insert my cac credentials and pin code in user options. But when I attempt to crawl and audit the URL I get the error “failed to connect” am I missing a step? When I attempt to get to the URL directly from the web browser using local host as proxy, I receive a burp certificate issue.

Hannah, PortSwigger Agent | Last updated: Jan 16, 2020 01:44PM UTC

Would you be able to provide further details of your Burp certificate issue? Are you seeing any error messages in your Burp dashboard?

Burp User | Last updated: Jan 16, 2020 07:41PM UTC

I get Proxy source, failed to connect to "URL" :443

Hannah, PortSwigger Agent | Last updated: Jan 17, 2020 10:21AM UTC

Have you installed the Burp certificate into your proxied browser? https://support.portswigger.net/customer/portal/articles/1783055-configuring-your-browser-to-work-with-burp

Hannah, PortSwigger Agent | Last updated: Jan 17, 2020 10:25AM UTC

Could you tell me what browser you are using? Are you having trouble connecting to all websites, or just that specific one? Do you normally use a LAN proxy server to access the web? If so, you will need to configure details of this in Burp at Options > Connections > Upstream proxy servers. There’s some more information here: - https://support.portswigger.net/customer/en/portal/articles/2363078-burp-suite-options-upstream-proxy-servers

Burp User | Last updated: Jan 21, 2020 05:59PM UTC

Yes the Port Swigger Certificate is installed into my browser. That is what is giving me the issue.

You need to Log in to post a reply. Or register here, for free.