1. Support Center
  2. BApp Store
  3. HTTP Digest Auth
Professional Community

HTTP Digest Auth


Because, why not? ;)

No seriously, during some pentests on IoT devices I still have to deal with HTTP Digest authentication (mostly on IP cameras)

So I decided to write and publish this extension, hoping it will come in handy and save someone's time.


  1. Download and run Burp Suite: http://portswigger.net/burp/download.html
  2. Download Jython standalone JAR: http://www.jython.org/download.html
  3. Open burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
  4. Clone this repository
  5. Open Burp -> Extender -> Burp Extensions -> Add -> Set Extension Type to "Python" and Choose http-digest-auth.py file.
  6. See the "Digest Authentication" tab to setup the extension
  7. Click on "Digest Auth is off" and profit :)

Currently the tools supports the following features:

  • Set credentials
  • Auto-update nonce if it detects a "401 Unauthorized" response from the server
  • Show current nonce (debug purposes only)

and it works with Repeater, Scanner and Intruder tools.

Author Pyno
Version 1.0
Last updated 12 January 2022

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Download BApp

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore