Saturday, August 22, 2020

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions.

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
