Tuesday, August 25, 2020

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and returns a report that allows penetration testers to quickly identify potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning of the underlying TLS-Scanner's configuration. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
