Wednesday, January 24, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
More info
  1. Hacking Apps
  2. Pentest Tools Website
  3. Hacking Tools For Kali Linux
  4. Hacker Tools List
  5. Hacker Tools Apk
  6. Hacking Tools For Mac
  7. Computer Hacker
  8. Black Hat Hacker Tools
  9. Hacking Tools Software
  10. Nsa Hacker Tools
  11. Hacker Tools 2020
  12. Hacking Tools Windows 10
  13. Wifi Hacker Tools For Windows
  14. Pentest Tools Find Subdomains
  15. Hacking Tools For Beginners
  16. Hacking Tools Free Download
  17. Hack Tools
  18. Hacker Tools List
  19. Hacker Tools For Ios
  20. Pentest Recon Tools
  21. Top Pentest Tools
  22. Hacking Tools For Beginners
  23. Best Pentesting Tools 2018
  24. Termux Hacking Tools 2019
  25. Hacker Tools Software
  26. Hack Tools For Windows
  27. How To Make Hacking Tools
  28. Hackers Toolbox
  29. Pentest Tools Download
  30. Hacker Tools For Ios
  31. Hacking App
  32. Growth Hacker Tools
  33. Hack Tools For Ubuntu
  34. Black Hat Hacker Tools
  35. Tools For Hacker
  36. Pentest Tools Port Scanner
  37. Pentest Tools Website
  38. Hack Tools 2019
  39. Hack Tools For Mac
  40. Ethical Hacker Tools
  41. Pentest Tools List
  42. Hacker Tools Free Download
  43. Hacking Tools Free Download
  44. Easy Hack Tools
  45. Hacking Tools Hardware
  46. Pentest Tools Website
  47. Pentest Tools Website Vulnerability
  48. Hacking Tools Windows
  49. Hak5 Tools
  50. Hack Tools Online
  51. Pentest Tools Linux
  52. Top Pentest Tools
  53. Android Hack Tools Github
  54. Hack Tools Pc
  55. Hacking Tools Github
  56. Pentest Tools Url Fuzzer
  57. Blackhat Hacker Tools
  58. World No 1 Hacker Software
  59. Pentest Tools Framework
  60. Pentest Reporting Tools
  61. Pentest Tools For Windows
  62. Wifi Hacker Tools For Windows
  63. Hack Tools Mac
  64. Hacks And Tools
  65. Hacking Tools Windows
  66. Pentest Automation Tools
  67. Pentest Tools For Ubuntu
  68. Game Hacking
  69. Pentest Tools Find Subdomains
  70. Nsa Hacker Tools
  71. Pentest Tools Review
  72. Game Hacking
  73. Hacking Tools Download
  74. Hack Tools
  75. How To Make Hacking Tools
  76. What Are Hacking Tools
  77. Hacker Tools 2020
  78. Pentest Tools Alternative
  79. Hacker Tools 2020
  80. Growth Hacker Tools
  81. Hak5 Tools
  82. Hacking Tools Github
  83. What Are Hacking Tools
  84. Hacker Security Tools
  85. How To Make Hacking Tools
  86. Hacker Security Tools
  87. Pentest Tools Android
  88. Hack App
  89. Pentest Tools Bluekeep
  90. Tools 4 Hack
  91. Hacking Apps
  92. Hacking Tools For Windows
  93. Hak5 Tools
  94. Pentest Tools Download
  95. Easy Hack Tools
  96. Beginner Hacker Tools
  97. Hacking Tools And Software
  98. Hacker Tools Online
  99. Hack Tool Apk
  100. Pentest Box Tools Download
  101. Game Hacking
  102. Pentest Tools For Android
  103. Blackhat Hacker Tools
  104. Pentest Reporting Tools
  105. Pentest Tools Find Subdomains
  106. Install Pentest Tools Ubuntu
  107. Hacker Tools 2019
  108. Hacker Tool Kit
  109. Tools Used For Hacking
  110. Pentest Tools Linux
  111. Pentest Tools Framework
  112. Hacker
  113. Pentest Tools Free
  114. Hacking Tools For Mac
  115. Hacking Tools Download
  116. Best Hacking Tools 2019
  117. Hacker Tools For Mac
  118. Hack Tools Github
  119. Pentest Tools Website
  120. Pentest Tools Find Subdomains
  121. Hacking Tools Download
  122. Hacker Tools 2019
  123. Hacker Tools For Pc
  124. Nsa Hack Tools
  125. Hacks And Tools
  126. Pentest Tools Free
  127. Pentest Tools For Android
  128. Tools For Hacker
  129. Computer Hacker
  130. Physical Pentest Tools
  131. Wifi Hacker Tools For Windows
  132. Ethical Hacker Tools
  133. Install Pentest Tools Ubuntu
  134. Hacking Tools Free Download
  135. Android Hack Tools Github
  136. Install Pentest Tools Ubuntu
  137. Hacking Tools For Mac
  138. Hacker Tools 2019
  139. Nsa Hacker Tools
  140. Hacking Tools Name
  141. Hacking Tools Software
  142. What Is Hacking Tools
  143. Hacking Tools For Windows Free Download
  144. Hack Tool Apk No Root
  145. Hack Tools For Pc
  146. Hacking Tools Hardware
  147. Hacking Tools For Games
  148. Blackhat Hacker Tools
  149. Android Hack Tools Github
  150. Hacking App
  151. Beginner Hacker Tools
  152. Hacking Tools Hardware
  153. Hacking Tools For Pc
  154. Hacking Tools Windows 10
  155. Pentest Tools Website Vulnerability
  156. Hacking Tools Hardware
  157. Tools For Hacker
  158. Hacker Tools Hardware
  159. Hack Tool Apk No Root
  160. Hacker Tools 2019
  161. Hacker Tools For Mac
  162. Hack Tools
  163. Hacker
  164. Hacks And Tools
  165. Github Hacking Tools
  166. How To Install Pentest Tools In Ubuntu
  167. Hack Tools For Games
  168. Hacker Security Tools
  169. Hacking Tools 2020
  170. Hack App
  171. Hack Tools Github
  172. Best Hacking Tools 2020
  173. Best Pentesting Tools 2018
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)