HTTP Digest Auth
Because, why not? ;)
No, seriously, during some pentests on IoT devices I still have to deal with HTTP Digest authentication (mostly on IP cameras).
So I decided to write and publish this extension, hoping it will come in handy and save someone's time.
- Download and run Burp Suite: http://portswigger.net/burp/download.html
- Download Jython standalone JAR: http://www.jython.org/download.html
- Open Burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
- Clone this repository
- Open Burp -> Extender -> Burp Extensions -> Add -> Set Extension Type to "Python" and Choose http-digest-auth.py file.
- See the "Digest Authentication" tab to set up the extension
- Click on "Digest Auth is off" and profit :)
Currently the tool supports the following features:
- Set credentials
- Auto-update nonce if it detects a "401 Unauthorized" response from the server
- Show current nonce (debug purposes only)
and it works with Repeater, Scanner and Intruder tools.
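What refreshing the nonce after a "401 Unauthorized" involves, as an added example that is not the extension's own code: parse the new `WWW-Authenticate` challenge and recompute the `Authorization` header as RFC 2617 defines it for `algorithm=MD5`. The function names are hypothetical, and the sample challenge and credentials are the ones from the RFC 2617 worked example.

```python
import hashlib
import re

def parse_challenge(value):
    """Split a WWW-Authenticate 'Digest ...' value into a dict of its parameters."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): (quoted or bare) for k, quoted, bare in pairs}

def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(ch, username, password, method, uri, nc, cnonce):
    """Return (response_hex, qop_used) for an MD5 challenge, RFC 2617 section 3.2.2."""
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("this example handles algorithm=MD5 only")
    ha1 = _md5(":".join([username, ch["realm"], password]))
    ha2 = _md5(":".join([method, uri]))
    offered = [q.strip() for q in ch.get("qop", "").split(",") if q.strip()]
    if "auth" in offered:
        return _md5(":".join([ha1, ch["nonce"], "%08x" % nc, cnonce, "auth", ha2])), "auth"
    if not offered:  # legacy RFC 2069 servers send no qop at all
        return _md5(":".join([ha1, ch["nonce"], ha2])), None
    raise ValueError("server offers only unsupported qop: %s" % offered)

def authorization_header(ch, username, password, method, uri, nc, cnonce):
    """Build the Authorization header value that answers challenge `ch`."""
    response, qop = digest_response(ch, username, password, method, uri, nc, cnonce)
    parts = ['username="%s"' % username, 'realm="%s"' % ch["realm"],
             'nonce="%s"' % ch["nonce"], 'uri="%s"' % uri, 'response="%s"' % response]
    if qop:
        parts += ["qop=%s" % qop, "nc=%08x" % nc, 'cnonce="%s"' % cnonce]
    if "opaque" in ch:
        parts.append('opaque="%s"' % ch["opaque"])  # must be echoed back unchanged
    return "Digest " + ", ".join(parts)

# Constructed input: the challenge and credentials from the RFC 2617 section 3.5 example.
SAMPLE_401 = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
              'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
              'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    ch = parse_challenge(SAMPLE_401)
    print(authorization_header(ch, "Mufasa", "Circle Of Life", "GET",
                               "/dir/index.html", 1, "0a4f113b"))
```

The response hash covers the method, URI, nonce and nonce count, so a header captured from one request cannot simply be pasted into a modified or replayed one; each request sent through Repeater, Scanner or Intruder needs its own computation.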
Last updated: 12 January 2022