Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related posts

1. Hak5 Tools
2. Hacker Tools Software
3. Best Pentesting Tools 2018
4. Hacker Tools Github
5. Hacker Tools Apk
6. Ethical Hacker Tools
7. Free Pentest Tools For Windows
8. Hack Rom Tools
9. Ethical Hacker Tools
10. Hacking Tools For Beginners
11. Hack Tools For Mac
12. New Hack Tools
13. Pentest Tools Tcp Port Scanner
14. Free Pentest Tools For Windows
15. Kik Hack Tools
16. Android Hack Tools Github
17. Easy Hack Tools
18. Hacking Tools 2020
19. Hacker Tools Free
20. Hack Tool Apk
21. Hack Tools
22. Hacker Tools Apk
23. Hacker Tools Online
24. Hacker Tools 2019
25. Black Hat Hacker Tools
26. Ethical Hacker Tools
27. Hacker Tools 2020
28. Hacker Tools List
29. Hacker Tools For Windows
30. Pentest Tools List
31. Physical Pentest Tools
32. Hack Tools For Mac
33. Pentest Tools Alternative
34. Pentest Tools Download
35. Ethical Hacker Tools
36. Hacking Tools For Windows 7
37. Pentest Tools Bluekeep
38. Hacker Tools Github
39. Hacker Tools For Pc
40. Hacking Tools For Mac
41. Pentest Tools Website Vulnerability
42. Pentest Tools Review
43. Hack Tools For Windows
44. New Hacker Tools
45. Termux Hacking Tools 2019
46. Hacker Hardware Tools
47. Hacking Tools For Windows Free Download
48. Hack Tools For Games
49. New Hacker Tools
50. Hack Tool Apk
51. Hacker Tools Github
52. Pentest Tools Android
53. How To Hack
54. Hacker Tools For Pc
55. Hack Tools For Pc
56. Hacking Tools For Windows
57. Pentest Automation Tools
58. Hacker Tools Free
59. Pentest Reporting Tools
60. Pentest Tools For Android
61. Nsa Hack Tools
62. Github Hacking Tools
63. Hacking Tools Mac
64. Pentest Tools Website
65. Computer Hacker
66. Hacking Tools For Pc
67. What Are Hacking Tools
68. Hacking Tools Hardware
69. Hack Apps
70. Hacks And Tools
71. Hacker Tool Kit
72. Hacking Tools Windows
73. Game Hacking
74. Tools Used For Hacking
75. Hacking Tools Name
76. Pentest Tools Url Fuzzer
77. Hack Tool Apk No Root
78. Hak5 Tools
79. Hack Tools For Windows
80. Pentest Tools Kali Linux
81. Pentest Tools For Android
82. Blackhat Hacker Tools
83. Hacker Tools Software
84. Usb Pentest Tools
85. Hack And Tools
86. Hacker Tools Apk Download
87. Hack Apps
88. Pentest Tools Open Source
89. Hacker Tools List
90. Hacker Tools For Windows
91. Pentest Tools Website Vulnerability
92. Pentest Tools Website
93. Best Hacking Tools 2019
94. Hacker Tools Github
95. Hack Tools Github
96. Pentest Tools
97. Hack Rom Tools
98. Hacks And Tools
99. Bluetooth Hacking Tools Kali
100. Pentest Tools Android
101. Hacker Tools For Mac
102. How To Make Hacking Tools
103. Pentest Tools Review
104. What Is Hacking Tools
105. Pentest Tools Kali Linux
106. Hacking Tools Name
107. Pentest Tools For Mac
108. Best Pentesting Tools 2018
109. Hacking Tools Github
110. Hacking Tools For Pc
111. Hack Apps
112. Pentest Tools Github
113. Hacker Security Tools
114. How To Make Hacking Tools
115. Usb Pentest Tools
116. Hackrf Tools
117. Pentest Tools Free
118. Hacking Tools For Beginners
119. Underground Hacker Sites
120. Hacking Tools Software
121. Hacker Tools