Monday, May 29, 2023

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related news


  1. Physical Pentest Tools
  2. Free Pentest Tools For Windows
  3. Hack Tools Mac
  4. Pentest Tools Online
  5. Hak5 Tools
  6. Pentest Box Tools Download
  7. Hacker Tools For Windows
  8. Hack Tools
  9. Free Pentest Tools For Windows
  10. Hacker Tools Apk Download
  11. How To Make Hacking Tools
  12. Pentest Tools Github
  13. Pentest Tools Url Fuzzer
  14. Hack Tools Online
  15. Hacking App
  16. Pentest Automation Tools
  17. Pentest Tools Bluekeep
  18. Hacker Tools Linux
  19. Best Pentesting Tools 2018
  20. Hacking Tools For Windows Free Download
  21. Hacker Tool Kit
  22. Pentest Tools Kali Linux
  23. Hacker Search Tools
  24. New Hacker Tools
  25. Game Hacking
  26. Pentest Tools Port Scanner
  27. Hacking Tools Usb
  28. How To Install Pentest Tools In Ubuntu
  29. Blackhat Hacker Tools
  30. Hack Tools For Ubuntu
  31. Bluetooth Hacking Tools Kali
  32. Nsa Hack Tools
  33. Pentest Tools For Ubuntu
  34. Hacker Tools Linux
  35. Hack And Tools
  36. Hacker Tools Hardware
  37. Computer Hacker
  38. Hacking Tools 2019
  39. Pentest Tools
  40. Hack Tools
  41. Hack Rom Tools
  42. Hacker Security Tools
  43. Hacker Techniques Tools And Incident Handling
  44. New Hacker Tools
  45. Hack Tools For Mac
  46. Hacking Tools Name
  47. Hack Tools
  48. Hacks And Tools
  49. Hacking Tools Name
  50. Pentest Recon Tools
  51. Pentest Tools For Ubuntu
  52. Hacker Tools 2020
  53. Pentest Automation Tools
  54. Pentest Tools Apk
  55. Hacker Tools Apk
  56. Hacking Tools For Beginners
  57. Hacker Tools For Pc
  58. New Hack Tools
  59. Nsa Hack Tools
  60. Game Hacking
  61. Pentest Recon Tools
  62. Underground Hacker Sites
  63. Hack Website Online Tool
  64. Android Hack Tools Github
  65. Hak5 Tools
  66. Hacker Tools
  67. Black Hat Hacker Tools
  68. Hacker Tools 2019
  69. Hackrf Tools
  70. Hack Tools
  71. Hack App
  72. Hack Tool Apk
  73. Best Hacking Tools 2020
  74. Github Hacking Tools
  75. Usb Pentest Tools
  76. Pentest Tools Download
  77. Nsa Hack Tools
  78. Ethical Hacker Tools
  79. Pentest Tools Kali Linux
  80. Computer Hacker
  81. Tools 4 Hack
  82. Hacking Tools 2020
  83. Underground Hacker Sites
  84. Hacking Tools Windows
  85. Hack Apps
  86. Tools Used For Hacking
  87. Hacking Tools
  88. Hacker Tools Free
  89. Hacking Tools Download
  90. Pentest Tools Framework
  91. Pentest Tools For Ubuntu
  92. Hacker Tools Apk
  93. Hacker Tools For Mac
  94. Hack Tool Apk
  95. Hacking Tools For Pc
  96. How To Install Pentest Tools In Ubuntu
  97. Best Pentesting Tools 2018
  98. Termux Hacking Tools 2019
  99. Hacker Techniques Tools And Incident Handling
  100. Hack Tools For Windows
  101. Black Hat Hacker Tools
  102. Hacker Tools For Windows
  103. Hacker Tools Free
  104. Pentest Tools Framework
  105. Hacker Tools
  106. Tools For Hacker
  107. Hacker Tools Linux
  108. Hacking Tools And Software
  109. Pentest Tools Alternative
  110. Top Pentest Tools
  111. Install Pentest Tools Ubuntu
  112. Hacker Tools List
  113. Usb Pentest Tools
  114. Pentest Tools Linux
  115. Hacker Tools Online
  116. Hacker
  117. Nsa Hack Tools Download
  118. Hacking Tools Kit
  119. Tools Used For Hacking
  120. Hacker Search Tools
  121. Pentest Tools For Mac
  122. Free Pentest Tools For Windows
  123. Hack Tools Pc
  124. Pentest Tools Github
  125. Pentest Tools Android
  126. Hack Tools
  127. Pentest Tools Website Vulnerability
  128. Hacking Tools For Beginners
  129. Hack App
  130. Tools For Hacker
  131. Hack Tools For Pc
  132. Pentest Tools Android
  133. Pentest Automation Tools
  134. Best Hacking Tools 2019
  135. Hacking Tools For Kali Linux
  136. Hacking Tools Kit
  137. Hack Tools
  138. Hack Tools Mac
  139. Pentest Tools For Android
  140. Hacker Tools Mac
  141. Pentest Tools Linux
  142. Beginner Hacker Tools
  143. Pentest Tools Subdomain
  144. Best Hacking Tools 2019
  145. Hack Tools Github
  146. Hacker Tools For Mac
  147. Pentest Recon Tools
  148. Hacker Tools For Windows
  149. Underground Hacker Sites
  150. Pentest Box Tools Download
  151. Hacker Tools 2019
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)