Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Read more

1. Hacker Techniques Tools And Incident Handling
2. Growth Hacker Tools
3. Pentest Tools Android
4. Hack Tools For Windows
5. Pentest Tools Github
6. How To Make Hacking Tools
7. Hacker Security Tools
8. Tools For Hacker
9. Easy Hack Tools
10. Hacking Tools Windows
11. Pentest Tools Windows
12. Computer Hacker
13. Pentest Recon Tools
14. Hack Website Online Tool
15. Pentest Tools Online
16. Wifi Hacker Tools For Windows
17. Usb Pentest Tools
18. Hacking Tools Mac
19. Hacker Tools For Mac
20. Hacker Techniques Tools And Incident Handling
21. Nsa Hack Tools Download
22. Hack Tools 2019
23. Hacker Tools Windows
24. Hacker Tools Free Download
25. Hack Tools
26. Hacking Tools Mac
27. Bluetooth Hacking Tools Kali
28. Hacker Tools 2020
29. New Hacker Tools
30. Hacking Tools For Windows Free Download
31. Pentest Tools For Windows
32. Hack App
33. Kik Hack Tools
34. Hacking Tools Download
35. Hacking Tools Pc
36. Hacking Tools For Beginners
37. How To Install Pentest Tools In Ubuntu
38. What Is Hacking Tools
39. Hacker Tools Mac
40. Pentest Tools Download
41. Tools 4 Hack
42. Pentest Tools Nmap
43. Hackers Toolbox
44. Pentest Tools Nmap
45. Hak5 Tools
46. Hack Tools Pc
47. Pentest Tools Tcp Port Scanner
48. Pentest Tools Alternative
49. Hacking Tools Kit
50. Pentest Tools Nmap
51. Hacker Tools Mac
52. Best Pentesting Tools 2018
53. Pentest Tools Nmap
54. Hacking Tools For Games
55. Hacking Tools And Software
56. Hacking Tools Kit
57. Hack Tools For Ubuntu
58. Hackers Toolbox
59. Hacking Tools Online
60. Free Pentest Tools For Windows
61. Nsa Hack Tools
62. Pentest Tools For Ubuntu
63. Hackrf Tools
64. Hacker Tools Mac
65. Hacker Tools For Pc
66. Hacking App
67. Pentest Tools Online
68. Hack Tools For Mac
69. Best Pentesting Tools 2018
70. Hacker Tools List
71. Hacking Tools Windows 10
72. Pentest Recon Tools
73. Pentest Tools For Ubuntu
74. Hacker Tools Apk
75. Hacks And Tools
76. Hacking Tools And Software
77. Hacking Tools Kit
78. Hack Tools
79. Hackrf Tools
80. Pentest Tools For Mac
81. Pentest Tools Nmap
82. Hacker Tools Free Download
83. Pentest Tools Linux
84. Best Pentesting Tools 2018
85. Pentest Tools Port Scanner
86. Growth Hacker Tools
87. Pentest Tools Url Fuzzer
88. Hacking Tools For Games
89. Hacker Tools Free Download
90. Hacking Tools Software
91. Install Pentest Tools Ubuntu
92. Hacker Search Tools
93. Computer Hacker
94. Hacking Tools For Mac
95. Pentest Tools Android
96. Kik Hack Tools
97. Hacking Tools Free Download
98. Hack Tools For Games
99. Hacking Tools Usb
100. Hacker
101. Hacking Tools For Games
102. Beginner Hacker Tools
103. Hacking Tools For Kali Linux
104. Nsa Hacker Tools
105. Best Hacking Tools 2019
106. Hack Tools For Windows
107. Pentest Tools Find Subdomains
108. Pentest Tools Subdomain
109. Hacking Tools For Beginners
110. Black Hat Hacker Tools
111. Tools For Hacker
112. Pentest Tools Nmap
113. Best Pentesting Tools 2018
114. Free Pentest Tools For Windows
115. Hack Tools For Ubuntu
116. Hack App
117. Kik Hack Tools
118. Top Pentest Tools
119. Install Pentest Tools Ubuntu
120. Hacking Tools Windows 10
121. Hacking Tools Usb
122. Hacker Tools Free Download
123. Hacking Tools 2020
124. Android Hack Tools Github
125. Hacker Tools Mac
126. Hack Tools For Ubuntu
127. Pentest Tools
128. Hacker Tools List
129. Pentest Reporting Tools
130. Hacker Tools Hardware
131. Physical Pentest Tools
132. Hack Tool Apk
133. Hack Tools For Games
134. Hacker Tools For Windows
135. Bluetooth Hacking Tools Kali
136. Hacker Tools Apk
137. Hacker Search Tools