Burp Suite Pro Crashing with Internal Application over NTLM authentication (Http/2 Issue)

I am writing this blog as Burp suite have so much configurations, so if someone is stuck with something similar, hopefully this will help with how you can troublshoot some of these issues !!

Recently I had a team member come to me asking help troubleshooting an issue with Burp suite. He was trying to authenticate to an internal application that uses NTLM v2 with BURP to do a DAST scan. However, while trying to perform platform authentication in burp, it consistently was failing to authenticate to the application.

Note that the authentication works without burp being a proxy.

I tried few tricks such as changing the type to NTLM v1, but it did not seem to work, so I had to see what was going on by digging deep. Since this issue occurred due to Burp being in middle, I was sure this was an issue with tool misconfiguration.

I just wanted to see if this would work with fiddler, so I chained BURP with Fiddler:

I configured an Upstream Proxy in Burp to make sure all the traffic will be sent from burp to fiddler before reaching the server, and that seem to have worked!!

So what the hell is going on with BURP ??

With just BURP:

Without Burp and/or chaining with Fiddler:

Now clearly the difference is, the application works fine when negotiating with HTTP 1.0 and runs into error whilst using HTTP 2.0…

My assumption is that, fiddler somehow strips the http2 to http 1, which is why it worked with fiddler !

So, how do we fix this?

We just need to make sure we have enabled Burp to negotiate with HTTP 1.0 instead of HTTP 2.0

Under proxy -> options, you can enable http 1.0 as shown in the screenshot

Also go over to “project Options” -> “http”, change the default from HTTP 2

Written on October 26, 2021