DIG DEEPER TO FIND WATER & NOT WIDER -P.M.PATEL

Tuesday, January 23, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
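To illustrate what a "supported cipher suites and protocol versions" check has to decide for each probe, here is an added example (not code from TLS-Scanner or the extension) that classifies the first TLS record a server returns as either a ServerHello with its version and cipher suite or a rejecting alert. The function names and sample records are constructed for illustration, and the parser covers SSL 3.0 through TLS 1.2 only; TLS 1.3 signals its version in the supported_versions extension, which is not parsed here.

```python
import struct

# Small lookup tables; values are from the IANA TLS registries (subset only).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def classify_probe_response(data: bytes) -> dict:
    """Interpret the first TLS record a server sent back to one probe ClientHello."""
    if len(data) < 5:
        return {"accepted": False, "reason": "no TLS record"}
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) < rec_len:
        return {"accepted": False, "reason": "truncated record"}
    if ctype == 21 and rec_len >= 2:  # alert record: level, description
        return {"accepted": False, "reason": ALERTS.get(body[1], f"alert {body[1]}")}
    if ctype != 22 or rec_len < 4 or body[0] != 2:  # expect handshake / ServerHello
        return {"accepted": False, "reason": "unexpected message"}
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: server_version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        return {"accepted": False, "reason": "malformed ServerHello"}
    version = int.from_bytes(hello[0:2], "big")
    off = 35 + hello[34]  # skip the variable-length session id
    suite = int.from_bytes(hello[off:off + 2], "big")
    return {"accepted": True,
            "version": VERSIONS.get(version, hex(version)),
            "cipher": SUITES.get(suite, hex(suite))}

def build_server_hello(version: int, suite: int) -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(hs)) + hs

# Constructed sample responses, one per probe a scanner might have sent.
SAMPLES = {
    "TLS 1.2 + ECDHE-GCM": build_server_hello(0x0303, 0xC02F),
    "TLS 1.0 + RSA-CBC": build_server_hello(0x0301, 0x002F),
    "SSL 3.0": struct.pack("!BHHBB", 21, 0x0300, 2, 2, 70),  # fatal protocol_version alert
}

def summarize(samples: dict) -> dict:
    """Map each probe label to its classified result."""
    return {probe: classify_probe_response(raw) for probe, raw in samples.items()}

if __name__ == "__main__":
    for probe, result in summarize(SAMPLES).items():
        print(probe, "->", result)
```

A server that still answers the TLS 1.0 or CBC probes with a ServerHello, as in the second sample, is the kind of finding a configuration report would flag for hardening.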

Furthermore, the extension allows fine-tuning of the underlying TLS-Scanner's configuration. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
