Monday, January 22, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly identify potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
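To illustrate how the basic findings (protocol versions and cipher suites) relate to the attack checks named above, here is an added example that is not part of the extension or of TLS-Scanner. It sorts IANA cipher suite names by the attack class whose precondition they meet; a match means the check is worth running against that suite, not that the server is vulnerable. The function names, category labels, version labels and sample data are assumptions made for this example.

```python
# Added example, not code from TLS-Scanner or the Burp extension.
# Version labels and category names are this example's own.
DEPRECATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_MARKERS = ("_RC4_", "_3DES_", "_NULL_", "_EXPORT_", "_anon_")


def attack_surface(suite):
    """Return the attack classes whose precondition this suite name meets."""
    classes = set()
    if suite.startswith("TLS_RSA_"):
        classes.add("bleichenbacher")   # RSA key transport (PKCS#1 v1.5)
    if "_CBC_" in suite:
        classes.add("padding-oracle")   # CBC-mode record protection
    if suite.startswith(("TLS_ECDH_", "TLS_ECDHE_")):
        classes.add("invalid-curve")    # server does EC point arithmetic
    if any(marker in suite for marker in WEAK_MARKERS):
        classes.add("weak-cipher")
    # TLS 1.3 names carry no key exchange or mode hint and map to nothing.
    return classes


def triage(versions, suites):
    """Group offered versions and suites by the finding they belong to."""
    findings = {}
    for version in versions:
        if version in DEPRECATED_VERSIONS:
            findings.setdefault("deprecated-version", []).append(version)
    for suite in suites:
        for cls in sorted(attack_surface(suite)):
            findings.setdefault(cls, []).append(suite)
    return findings


# Constructed sample input, not output from a real scan.
SAMPLE_VERSIONS = ["TLSv1.0", "TLSv1.2", "TLSv1.3"]
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for finding, items in triage(SAMPLE_VERSIONS, SAMPLE_SUITES).items():
        print(f"{finding}: {', '.join(items)}")
```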

Furthermore, the extension allows fine-tuning of the underlying TLS-Scanner's configuration. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.