Saturday, May 27, 2023

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
Related news
  1. Hacker Tools
  2. Hacker Tools For Windows
  3. New Hacker Tools
  4. Hacker Tools Apk
  5. Blackhat Hacker Tools
  6. Hack Tools For Windows
  7. Pentest Tools Linux
  8. Hacker Tools Free
  9. Easy Hack Tools
  10. Black Hat Hacker Tools
  11. Hacker Tools Free
  12. Hacking Tools For Games
  13. Hacking App
  14. Pentest Tools Open Source
  15. Pentest Tools Url Fuzzer
  16. Hacking Tools Pc
  17. Pentest Tools For Android
  18. Hack Rom Tools
  19. Underground Hacker Sites
  20. Hacker Tools Windows
  21. Hacking Tools For Windows
  22. Pentest Box Tools Download
  23. Easy Hack Tools
  24. Hackrf Tools
  25. Free Pentest Tools For Windows
  26. Hack Tools For Pc
  27. Hacker Tools 2019
  28. Nsa Hack Tools Download
  29. Hacking Tools For Beginners
  30. Hackers Toolbox
  31. Best Hacking Tools 2020
  32. Hack Tools Download
  33. Hack Tools 2019
  34. Pentest Tools Bluekeep
  35. Hacker Tools 2020
  36. Easy Hack Tools
  37. Hacker Tools Hardware
  38. Nsa Hack Tools Download
  39. Pentest Tools For Ubuntu
  40. Underground Hacker Sites
  41. Hacking Tools Github
  42. Install Pentest Tools Ubuntu
  43. Tools 4 Hack
  44. Hacking Tools 2020
  45. Hacking Tools Download
  46. Hacking Tools Free Download
  47. Hacker Tools Windows
  48. New Hack Tools
  49. Pentest Tools Android
  50. Hack Tools
  51. Hackers Toolbox
  52. Hacker Tools Apk
  53. Pentest Automation Tools
  54. Best Hacking Tools 2019
  55. Ethical Hacker Tools
  56. Hacker Techniques Tools And Incident Handling
  57. Growth Hacker Tools
  58. Game Hacking
  59. Hacking Tools For Games
  60. Hacker Tools For Ios
  61. Pentest Tools Open Source
  62. What Are Hacking Tools
  63. Hacker Tools Apk Download
  64. Hacker Tools List
  65. Computer Hacker
  66. Hacker Tools Free Download
  67. Android Hack Tools Github
  68. Ethical Hacker Tools
  69. Pentest Tools Nmap
  70. Hack Tools For Windows
  71. Computer Hacker
  72. World No 1 Hacker Software
  73. Hacker Tools Github
  74. Best Hacking Tools 2019
  75. Hacking Tools For Windows 7
  76. Hack Tools 2019
  77. Pentest Tools Online
  78. How To Hack
  79. Underground Hacker Sites
  80. Pentest Tools Github
  81. Underground Hacker Sites
  82. Hacker Tools For Mac
  83. Hacker Tools Online
  84. Physical Pentest Tools
  85. Hack Tools For Mac
  86. Hack Tool Apk
  87. Hacker Tools Free Download
  88. Hacker Techniques Tools And Incident Handling
  89. Tools Used For Hacking
  90. Hack Tools
  91. Best Hacking Tools 2020
  92. Hacking Tools Github
  93. Pentest Tools Bluekeep
  94. Pentest Reporting Tools
  95. Hack Tools For Games
  96. Underground Hacker Sites
  97. Hacking Tools Windows
  98. Hacks And Tools
  99. Hacker Security Tools
  100. Easy Hack Tools
  101. What Are Hacking Tools
  102. Hack Tools
  103. Physical Pentest Tools
  104. Hacker Tools For Pc
  105. Pentest Tools Url Fuzzer
  106. Hacking Tools Usb
  107. Hacking Tools Online
  108. Hack Apps
  109. Hacking Tools Hardware
  110. Hacker Tools Software
  111. Pentest Tools Download
  112. Pentest Tools Kali Linux
  113. Hak5 Tools
  114. Hacking Tools And Software
  115. Game Hacking
  116. Hack Apps
  117. Hacker Hardware Tools
  118. Pentest Tools Alternative
  119. Usb Pentest Tools
  120. Pentest Tools For Windows
  121. Hack Tools For Pc
  122. Pentest Tools Alternative
  123. Hacker Tool Kit
  124. Pentest Tools Port Scanner
  125. Pentest Tools Download
  126. Hacking Tools And Software
  127. Pentest Tools Bluekeep
  128. Hack App
  129. Hack Tools For Windows
  130. Pentest Tools Port Scanner
  131. Hacking Tools For Mac
  132. Ethical Hacker Tools
  133. Best Hacking Tools 2019
  134. Pentest Tools For Windows
  135. Hack Tools For Games
  136. Hack App
  137. Hack Tools
  138. Usb Pentest Tools
  139. Hacker Tools Software
  140. Hack And Tools
  141. Hacking Tools Software
  142. Hack Tools
  143. Hacking Tools Online
  144. Install Pentest Tools Ubuntu
  145. Easy Hack Tools
  146. Hacking Tools 2020
  147. Pentest Tools Download
  148. Pentest Tools For Ubuntu
  149. Hacker Tool Kit
  150. Usb Pentest Tools
  151. Pentest Recon Tools
  152. Pentest Tools Nmap
  153. Android Hack Tools Github
  154. Hacker Tools Windows
  155. Pentest Tools Port Scanner
  156. Pentest Tools Windows
  157. Hak5 Tools
  158. Hacker Tools Windows
  159. Hacker Tools 2019
  160. Nsa Hack Tools
  161. Pentest Tools Website Vulnerability
  162. Hack Tools
  163. Physical Pentest Tools
  164. Pentest Tools For Ubuntu
  165. Physical Pentest Tools
  166. Pentest Tools Apk
  167. Hack Tool Apk No Root
  168. Pentest Box Tools Download
  169. Best Hacking Tools 2019
  170. Hacker
  171. Hacking Tools Pc
  172. Pentest Tools Nmap
  173. Bluetooth Hacking Tools Kali
  174. Hacker Tools Software
  175. Pentest Tools Online
  176. Hacker Tools Mac
  177. Hacker Tools Hardware
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)