Authentication problem, can't login
Hi,
I'm using burpui 0.4.4. with burp 1.4.40 and I'm trying to use basic authentication.
OS: Centos 7.2
Python: 2.7.5
I've created a user with bui-manage, it's appearing in the burpui.cfg, but when I'm trying to login with it I've got redirected back to the login page every time.
So, the UI gives me "Logged in successfully", but I got redirected back to the login page. It seems like a web server issue to me.
There are absolutely no errors in the logs, here are the HTTP messages:
[11/Jan/2017 13:04:25] "GET /login?next=%2F HTTP/1.1" 200 - [11/Jan/2017 13:04:25] "GET /bower/bootswatch/slate/bootstrap.min.css?version=1483698427.13 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net-bs/css/dataTables.bootstrap.min.css?version=1483698427.14 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /static/dashboard.css HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/jquery-ui/jquery-ui.min.js?version=1.11.4 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/jquery/dist/jquery.min.js?version=2.1.4 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net-responsive-bs/css/responsive.bootstrap.min.css?version=1483698427.13 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/bootstrap/dist/js/bootstrap.min.js?version=3.3.7 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/typeahead.js/dist/typeahead.bundle.min.js?version=0.11.1 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/moment/min/moment.min.js?version=1483698427.11 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net/js/jquery.dataTables.min.js?version=1483698427.11 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net-bs/js/dataTables.bootstrap.min.js?version=1483698427.15 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net-responsive/js/dataTables.responsive.js?version=1483698427.11 HTTP/1.1" 304 - [11/Jan/2017 13:04:25] "GET /bower/datatables.net-responsive-bs/js/responsive.bootstrap.js?version=1483698427.13 HTTP/1.1" 304 - [11/Jan/2017 13:04:30] "POST /login?next=%2F HTTP/1.1" 302 - [11/Jan/2017 13:04:30] "GET / HTTP/1.1" 302 - [11/Jan/2017 13:04:31] "GET /login?next=%2F HTTP/1.1" 200 -
I tried local auth as well, but it's not even accept my credentials.(I tried to run burpui as root)
If I turn off the authentication, the burpui works fine.