Monday, January 22, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
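A scanner can learn which protocol version and cipher suite a server accepts from the ServerHello (or alert) it returns to each ClientHello. The following is an added example, not code from the extension or from TLS-Scanner; it parses such replies and lists the accepted versions. The function names are this example's own and the sample records are constructed, not captured.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}  # RFC 7568 and RFC 8996

def parse_server_reply(data: bytes) -> dict:
    """Parse the first TLS record sent in reply to a ClientHello.
    Assumes the ServerHello is not fragmented across records."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    rec_type, _, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record body")
    if rec_type == 0x15 and rec_len == 2:       # alert: the offer was rejected
        return {"accepted": False, "alert": body[1]}
    if rec_type != 0x16 or rec_len < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35 or len(hello) < 38 + hello[34]:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")  # legacy_version
    pos = 35 + hello[34]                        # skip random and session_id
    suite = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 5                                    # suite, compression, ext length
    while pos + 4 <= len(hello):                # extensions are optional
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        if pos + 4 + ext_len > len(hello):
            raise ValueError("truncated extension")
        if ext_type == 43 and ext_len == 2:     # supported_versions (TLS 1.3)
            version = int.from_bytes(hello[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return {"accepted": True, "suite": suite,
            "version": VERSIONS.get(version, hex(version))}

def accepted_versions(replies):
    """Return (all accepted versions, the deprecated ones) over several probes."""
    seen = {r["version"] for r in map(parse_server_reply, replies) if r["accepted"]}
    return sorted(seen), sorted(seen & DEPRECATED)

def sample_hello(legacy, suite, selected=None) -> bytes:
    """Build a constructed ServerHello record (sample data, not a capture)."""
    hello = struct.pack("!H32xBHB", legacy, 0, suite, 0)
    if selected is not None:
        hello += struct.pack("!HHHH", 6, 43, 2, selected)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, legacy, len(hs)) + hs

SAMPLES = [sample_hello(0x0303, 0x1301, 0x0304), sample_hello(0x0303, 0xC02F),
           sample_hello(0x0301, 0x000A), b"\x15\x03\x03\x00\x02\x02\x46"]
```

Note that a TLS 1.3 server still puts 0x0303 in `legacy_version`; the negotiated version is only visible in the `supported_versions` extension, which is why the parser checks it.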

Furthermore, the extension allows fine-tuning of the underlying TLS-Scanner's configuration. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
