Scanning TLS Server Configurations With Burp Suite
In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.
You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases
TLS-Scanner
Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
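To illustrate what a basic protocol-version check involves at the wire level, here is an added example; it is not code from TLS-Scanner or the extension. It builds a ClientHello that offers a single version and interprets the server's first reply record; all function names and the sample replies are constructed for illustration.

```python
import os
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(version, cipher_suites):
    """ClientHello offering exactly one protocol version, no extensions.
    TLS 1.3 is out of scope here: it is negotiated via supported_versions."""
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

def classify_response(data):
    """Return (kind, value) for the first record of a server reply."""
    if len(data) < 5:
        return ("no_response", None)
    rec_type, _, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if rec_type == 21 and len(payload) == 2:      # alert: level, description
        return ("alert", payload[1])
    if rec_type == 22 and len(payload) >= 39 and payload[0] == 2:
        # handshake header(4) + version(2) + random(32) + session_id_len(1)
        return ("server_hello", struct.unpack("!H", payload[4:6])[0])
    return ("unexpected", None)

def accepted_versions(replies):
    """replies maps offered version -> raw reply bytes. A version counts as
    supported only if the ServerHello echoes it; a lower one is a fallback."""
    return [NAMES[v] for v, raw in sorted(replies.items())
            if classify_response(raw) == ("server_hello", v)]

def _server_hello(version, suite):                # constructed sample reply
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(hs)) + hs

# Constructed replies: SSLv3 refused with alert protocol_version(70), TLS 1.0
# and 1.2 accepted, TLS 1.1 probe answered with a TLS 1.0 ServerHello.
SAMPLE_REPLIES = {
    0x0300: struct.pack("!BHHBB", 21, 0x0300, 2, 2, 70),
    0x0301: _server_hello(0x0301, 0x002F),
    0x0302: _server_hello(0x0301, 0x002F),
    0x0303: _server_hello(0x0303, 0xC02F),
}

if __name__ == "__main__":
    print(accepted_versions(SAMPLE_REPLIES))
```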
Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).
It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.
Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.
Scan History
If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.
Additional functions will follow in later versions
Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.
This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget. The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.