Burp Suite is the most used web proxy for web application assessments. In an assessment, the configuration of the application required me to use Platform Authentication with NTLM to authenticate. When doing that, I got a 401 error when JS and CSS files were requested.
Something else I noticed was that when I intercepted the request and waited for a couple of seconds, the page loaded normally and the responses were 200, which is really weird. This is what led me to write the Burp Extension which adds a delay between each request.
It was clear to me that it had something to do with the platform authentication that I was using, because this was the only case in which something like this happened.
The solution
After some troubleshooting, I found out that the error was returned because the application supported HTTP/2, which seems to be too fast (?) for the NTLM authentication. So after I unchecked the HTTP/2 option in Burp's settings, all the requests returned 200. To disable HTTP/2 support, navigate to Settings -> Network -> HTTP -> HTTP/2. This made the application clearly slower, but at least it was possible to test it.