Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related articles

1. Pentest Tools Find Subdomains
2. Hacking Tools For Mac
3. Pentest Tools Alternative
4. Hacker Security Tools
5. Tools 4 Hack
6. What Is Hacking Tools
7. Hacking Apps
8. Hak5 Tools
9. Pentest Tools Linux
10. Hacker Tools Online
11. Hacking Tools
12. Pentest Reporting Tools
13. Hack Tools
14. Hacking Tools Online
15. What Are Hacking Tools
16. Hacker Tools Apk Download
17. Hacker Tools For Mac
18. Hack Tools Mac
19. Hacking Tools For Windows Free Download
20. Hack Tools 2019
21. Pentest Tools For Windows
22. Pentest Tools Port Scanner
23. Hacking Tools Free Download
24. Hacking Apps
25. Game Hacking
26. How To Hack
27. Hacker Tools 2019
28. Bluetooth Hacking Tools Kali
29. Hacking Tools For Games
30. Pentest Tools Port Scanner
31. Pentest Tools For Ubuntu
32. Pentest Tools
33. Pentest Tools Download
34. Pentest Tools Free
35. Hacker Tools Free
36. Hacker Hardware Tools
37. Black Hat Hacker Tools
38. Hackers Toolbox
39. Github Hacking Tools
40. Hacking Tools 2019
41. Hacker Tools Apk Download
42. Hacker
43. Computer Hacker
44. Growth Hacker Tools
45. Hack Tool Apk
46. Best Hacking Tools 2019
47. Pentest Tools Linux
48. Hack Tools For Mac
49. Hackrf Tools
50. Pentest Tools For Ubuntu
51. Hacking Tools Software
52. Hack Website Online Tool
53. Hack App
54. Hacker Tools Hardware
55. Hacker Techniques Tools And Incident Handling
56. Kik Hack Tools
57. Pentest Tools Url Fuzzer
58. Pentest Tools Port Scanner
59. Hacker Techniques Tools And Incident Handling
60. Hack Tools Pc
61. Hacking Tools Usb
62. How To Make Hacking Tools
63. Nsa Hacker Tools
64. Hacking Tools 2019
65. Growth Hacker Tools
66. Best Hacking Tools 2019
67. Pentest Tools Kali Linux
68. How To Make Hacking Tools
69. Hacking Tools Mac
70. Hacker Tools For Mac
71. Hacking Tools Online
72. Hacking Tools For Kali Linux
73. Hack Tools Github
74. Hacking App
75. Hacker Tools Mac
76. Hacking Tools Name
77. Hacker Tools Apk
78. Pentest Tools Linux
79. Nsa Hack Tools
80. Hacking Tools For Pc
81. Pentest Tools Android
82. Hack Tools
83. Hacker Tools Linux
84. Hacker Hardware Tools
85. Hacking App
86. Hacker Tools Software
87. Hacks And Tools
88. Hack Apps
89. Hacker Tools Free
90. Pentest Tools Alternative
91. Hacking Tools Name
92. Pentest Tools Alternative
93. Pentest Tools Subdomain
94. Hacking Tools For Windows 7
95. Hack Apps
96. Nsa Hacker Tools
97. Pentest Tools Framework
98. Hack App
99. Hacker Tools Hardware
100. Hacker
101. Hacker Techniques Tools And Incident Handling
102. Hacks And Tools
103. Pentest Recon Tools
104. Best Hacking Tools 2019
105. Hacker Security Tools
106. Hack App
107. How To Make Hacking Tools
108. Growth Hacker Tools
109. Hacking Tools Free Download
110. Game Hacking
111. Easy Hack Tools
112. Hacking Tools For Mac
113. Pentest Tools Kali Linux
114. Hacker Tools Linux
115. New Hack Tools
116. Hacker Tools For Pc
117. Hacker Tools Free Download
118. Hacking Tools And Software
119. Hacking Tools 2020
120. Hacking Tools Usb
121. Hacking Tools Free Download
122. Github Hacking Tools
123. Wifi Hacker Tools For Windows
124. Install Pentest Tools Ubuntu
125. Hacking Tools For Beginners
126. Hacking App
127. Hack Tools
128. Hacking Tools For Windows Free Download
129. Hacking Tools For Windows Free Download
130. Hacking Tools For Mac
131. Pentest Tools
132. Hacking App