Burp Suite extension to handle HTTP Digest Authentication, which has not been supported by Burp Suite since version 2020.7.
Because, why not? ;)
No seriously, during some pentests on IoT devices I still have to deal with HTTP Digest authentication (mostly on IP cameras), and it seems other users are also struggling with this (https://forum.portswigger.net/thread/digest-auth-in-burp-was-removed-de8107ec).
So I decided to write and publish this extension, hoping it will come in handy and save someone's time.
- Download and run Burp Suite: http://portswigger.net/burp/download.html
- Download Jython standalone JAR: http://www.jython.org/download.html
- Open Burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
- Clone this repository
- Open Burp -> Extender -> Burp Extensions -> Add -> Set Extension Type to "Python" and choose the http-digest-auth.py file.
- See the "Digest Authentication" tab to set up the extension
- Click on "Digest Auth is off" and profit :)
Currently the tool supports the following features:
- Set credentials
- Auto-update nonce if it detects a "401 Unauthorized" response from the server
- Show current nonce (debug purposes only)
- Use the suite scope defined in the Target tab
and it works with Repeater, Scanner, Intruder and Proxy tools.
Last but not least: PRs are always welcome!