Thursday, June 1, 2023

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related posts


  1. What Is Hacking Tools
  2. Hacker Tools For Pc
  3. Hack Tools Pc
  4. Hack Tools
  5. Pentest Tools For Ubuntu
  6. What Are Hacking Tools
  7. Growth Hacker Tools
  8. Install Pentest Tools Ubuntu
  9. Pentest Tools For Android
  10. Pentest Tools Find Subdomains
  11. Hack Tools Download
  12. Hacking Tools 2019
  13. Hacker Techniques Tools And Incident Handling
  14. Hacking Tools For Windows 7
  15. Hack Tools
  16. Hack Tools Online
  17. Hacker Hardware Tools
  18. Beginner Hacker Tools
  19. Hack Website Online Tool
  20. Hack Tools For Games
  21. Hacker Hardware Tools
  22. Pentest Tools Download
  23. Black Hat Hacker Tools
  24. Best Hacking Tools 2020
  25. Hacking Tools
  26. Pentest Tools For Ubuntu
  27. Hacker Tools For Mac
  28. Beginner Hacker Tools
  29. Hacking Tools For Games
  30. Pentest Tools Website Vulnerability
  31. Black Hat Hacker Tools
  32. Hacking Tools 2019
  33. Hacking Tools For Mac
  34. Hacker Tools Free
  35. Hacking Apps
  36. Hacking Apps
  37. Hacker Tools Apk
  38. Pentest Tools Framework
  39. Hacker Tools Windows
  40. Hacker Tools For Mac
  41. Nsa Hacker Tools
  42. Pentest Tools Android
  43. Black Hat Hacker Tools
  44. Pentest Tools Free
  45. Blackhat Hacker Tools
  46. Hack Tool Apk No Root
  47. Pentest Tools Alternative
  48. What Are Hacking Tools
  49. Pentest Tools Subdomain
  50. Hacking App
  51. Hacker Tools For Pc
  52. Hack Tools For Games
  53. Hackrf Tools
  54. Hacker Tools 2019
  55. Growth Hacker Tools
  56. Pentest Tools Linux
  57. Tools Used For Hacking
  58. Hak5 Tools
  59. Pentest Tools Online
  60. Pentest Tools For Windows
  61. Pentest Tools Nmap
  62. Kik Hack Tools
  63. Pentest Tools Website
  64. Hacking Tools Windows 10
  65. Pentest Tools Free
  66. Hacking Tools And Software
  67. Android Hack Tools Github
  68. Nsa Hack Tools
  69. How To Make Hacking Tools
  70. Hacking Tools Usb
  71. Hack Tools For Pc
  72. Game Hacking
  73. Hacking Tools For Windows
  74. Hackers Toolbox
  75. Hacker Tools Apk
  76. Pentest Tools Windows
  77. Computer Hacker
  78. Hacker Tools 2020
  79. Hacking Apps
  80. Hacker Tools Mac
  81. Hacking Tools And Software
  82. Pentest Tools Kali Linux
  83. Pentest Tools Subdomain
  84. Hacker Tools For Ios
  85. Pentest Tools Free
  86. Hacking Tools Windows 10
  87. Hacking Tools For Pc
  88. Hacking Tools And Software
  89. Pentest Tools Port Scanner
  90. Tools Used For Hacking
  91. Hacking Tools Hardware
  92. Pentest Tools Online
  93. Wifi Hacker Tools For Windows
  94. Hacking Tools And Software
  95. New Hack Tools
  96. Pentest Tools Nmap
  97. Hacking Tools Hardware
  98. Hacking Tools Pc
  99. Hack Tools For Games
  100. Hacker Tools Linux
  101. Hack Tools Download
  102. Hacking Tools For Windows Free Download
  103. Hacker Techniques Tools And Incident Handling
  104. Hacking Tools For Windows Free Download
  105. Hacking Tools 2020
  106. Nsa Hack Tools
  107. Hack Website Online Tool
  108. Hacking Tools For Beginners
  109. Hack Tools
  110. Hacker
  111. Hacker Tools 2020
  112. Hack Tools Pc
  113. Growth Hacker Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)