Thursday, August 20, 2020

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.