Isnin, Januari 22, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

More information


  1. Beginner Hacker Tools
  2. Hak5 Tools
  3. Termux Hacking Tools 2019
  4. Hacker Tools For Mac
  5. Hacking Tools Software
  6. Hacker Tools 2020
  7. Hacker Tool Kit
  8. Hacker Tools 2019
  9. Hacker Tools Apk Download
  10. Pentest Reporting Tools
  11. Hacker Tools List
  12. World No 1 Hacker Software
  13. Hacking Tools Windows 10
  14. Hacking Tools For Games
  15. Nsa Hacker Tools
  16. Hack Rom Tools
  17. Hacker Tool Kit
  18. Pentest Tools Open Source
  19. Hacking Tools 2019
  20. Pentest Tools Linux
  21. Hacker Tools For Pc
  22. Nsa Hack Tools
  23. Hack Tools For Windows
  24. Free Pentest Tools For Windows
  25. Hack Apps
  26. Hacker Tools For Windows
  27. Nsa Hacker Tools
  28. Hack Tools Pc
  29. Hack Tool Apk No Root
  30. Pentest Tools Find Subdomains
  31. Hacking Tools And Software
  32. Computer Hacker
  33. Hacker Tools Apk
  34. Hacker Tools Online
  35. What Are Hacking Tools
  36. Hack Tools For Mac
  37. Hacking Tools 2019
  38. Pentest Recon Tools
  39. Pentest Tools Linux
  40. Hacking Tools Windows 10
  41. Hack Tools For Ubuntu
  42. Hacking Tools For Beginners
  43. Hacker Tools Free Download
  44. Hacker Tools Hardware
  45. Pentest Tools List
  46. Hacking Tools Online
  47. Android Hack Tools Github
  48. Hack Tools Mac
  49. Free Pentest Tools For Windows
  50. Pentest Tools Android
  51. Install Pentest Tools Ubuntu
  52. Pentest Reporting Tools
  53. Hacking Tools Windows
  54. Hack Tool Apk No Root
  55. Hack Tool Apk
  56. Best Hacking Tools 2019
  57. Hack Tools Download
  58. Hacking Tools Online
  59. Hacker Tools Windows
  60. Hacking Tools Name
  61. Hacker Tools Mac
  62. Hacker Tools 2019
  63. Hacker Tools For Windows
  64. Pentest Tools Bluekeep
  65. Hacking Tools Usb
  66. Best Hacking Tools 2020
  67. Hacker Tools For Ios
  68. Hacker Tools
  69. Hack Tools Download
  70. Pentest Tools Free
  71. Pentest Tools Nmap
  72. Pentest Tools Android
  73. Easy Hack Tools
  74. Pentest Tools List
  75. Hacker Tool Kit
  76. Hacking Tools For Windows Free Download
  77. Hacker Tools Software
  78. Hacker Hardware Tools
  79. Hacker Search Tools
  80. Hacker Tools For Pc
  81. Hacking Tools Usb
  82. Hacker Tools Hardware
  83. Hack Tools 2019
  84. What Are Hacking Tools
  85. Hack Tools Pc
  86. World No 1 Hacker Software
  87. Hacker Tools Linux
  88. Underground Hacker Sites
  89. Hacking Tools For Windows 7
  90. Pentest Tools Tcp Port Scanner
  91. Hacking Tools For Kali Linux
  92. Pentest Tools Apk
  93. Hacker
  94. Best Hacking Tools 2020
  95. New Hacker Tools
  96. Hacker Tools Apk Download
  97. How To Hack
  98. Hacker Security Tools
  99. Hacker Tools Software
  100. Pentest Automation Tools
  101. How To Hack
  102. Best Hacking Tools 2019
  103. Top Pentest Tools
  104. Hacks And Tools
  105. Hack Tool Apk
  106. Hack Tools For Games
  107. Pentest Tools Open Source
  108. Pentest Tools Website
  109. Pentest Tools For Windows
  110. Hacker Search Tools
  111. Hacker Tools 2019
  112. Wifi Hacker Tools For Windows
  113. Hacker Tools Software
  114. Hacker Tools List
  115. Top Pentest Tools
  116. Easy Hack Tools
  117. Hacker Security Tools
  118. Android Hack Tools Github
  119. Tools For Hacker
  120. Pentest Tools Online
  121. What Is Hacking Tools
Coretan at

Tiada ulasan:

Catat Ulasan

Langgan: Catat Ulasan (Atom)