Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related word

1. Hacking Tools For Windows 7
2. Hacking Tools Pc
3. Hacker Search Tools
4. Termux Hacking Tools 2019
5. Pentest Tools Online
6. Hack Rom Tools
7. Hacking Tools Name
8. Underground Hacker Sites
9. Hack Tools For Mac
10. Hack And Tools
11. Hack Tools Download
12. Hacking Tools Online
13. Hacking Tools For Pc
14. Wifi Hacker Tools For Windows
15. Hacking Tools Mac
16. Pentest Tools For Android
17. Hacker Tools For Windows
18. Hacking Tools Online
19. Hacker Tools Apk
20. New Hacker Tools
21. Black Hat Hacker Tools
22. Android Hack Tools Github
23. Pentest Tools Url Fuzzer
24. Hacking Tools For Windows Free Download
25. Pentest Tools
26. Hacker Tools For Mac
27. Hacker Hardware Tools
28. Hacking Tools For Games
29. Hack And Tools
30. What Are Hacking Tools
31. Pentest Tools Website
32. Pentest Box Tools Download
33. Hacking Tools Download
34. Hack Rom Tools
35. Hack Tools For Pc
36. Hackers Toolbox
37. Pentest Box Tools Download
38. Nsa Hacker Tools
39. Pentest Tools Tcp Port Scanner
40. How To Install Pentest Tools In Ubuntu
41. Hacker Tools List
42. Hack Tools
43. Hacker Tools Linux
44. Pentest Tools Url Fuzzer
45. Hacking Tools Online
46. Beginner Hacker Tools
47. Pentest Tools Website Vulnerability
48. Hacker Hardware Tools
49. Hack Tools For Mac
50. Computer Hacker
51. Hack And Tools
52. Hacker Tools Apk Download
53. Github Hacking Tools
54. Pentest Tools Kali Linux
55. Pentest Tools Android
56. Hackers Toolbox
57. Usb Pentest Tools
58. Nsa Hacker Tools
59. Hacker Tools Online
60. Pentest Tools For Ubuntu
61. Android Hack Tools Github
62. Pentest Tools Kali Linux
63. Hacking Tools And Software
64. Hacker Tools Linux
65. Hacking Tools For Beginners
66. Hacking Tools Mac
67. Hacker Tools Online
68. Pentest Tools Website
69. What Is Hacking Tools
70. Pentest Tools For Ubuntu
71. Computer Hacker
72. Hackers Toolbox
73. Nsa Hack Tools
74. Termux Hacking Tools 2019
75. Ethical Hacker Tools
76. Pentest Tools Windows
77. Hacking Tools Windows 10
78. Growth Hacker Tools
79. Hack Tools Online
80. Hacker Tools Windows
81. Pentest Tools Port Scanner
82. Hacker Hardware Tools
83. Hacker Tool Kit
84. Hackrf Tools
85. Hacker Tools For Windows
86. Hack Website Online Tool
87. Hacking Tools For Windows
88. Pentest Tools Kali Linux
89. Pentest Tools Website Vulnerability
90. Pentest Tools Open Source
91. Hacking Tools Name
92. Computer Hacker
93. Hack Tools Download
94. Pentest Tools For Ubuntu
95. Pentest Box Tools Download
96. Hacking Tools 2019
97. Pentest Tools Bluekeep
98. Hacking Tools For Mac
99. Pentest Tools
100. Pentest Tools Nmap
101. Hacking Tools Mac
102. Pentest Tools Port Scanner
103. Hacking Tools Free Download
104. Hacking Tools Github
105. Growth Hacker Tools
106. Hacker Tools Online
107. Hacking Tools Windows 10
108. Physical Pentest Tools
109. Pentest Tools Port Scanner
110. World No 1 Hacker Software
111. Hacking Tools Name
112. Github Hacking Tools
113. Hacker Tools Software
114. Hacker
115. Hacking Tools Github
116. Tools 4 Hack
117. Hacker Tools For Ios
118. Hacking Apps
119. What Is Hacking Tools
120. Hacking Tools Windows
121. New Hack Tools
122. Ethical Hacker Tools
123. Hack Tools For Pc
124. Pentest Tools Nmap
125. Pentest Tools Apk
126. Hak5 Tools
127. Top Pentest Tools
128. Easy Hack Tools
129. Hack Website Online Tool
130. Hacking Tools
131. Hacker Tools For Mac
132. Hacker Tools For Windows
133. Hacker Tools For Mac
134. Pentest Tools Linux
135. Easy Hack Tools
136. Black Hat Hacker Tools
137. Hacking Tools Free Download
138. Hacker Tools Software
139. Hack Apps
140. Pentest Tools
141. Easy Hack Tools
142. Black Hat Hacker Tools
143. Hacker Tools
144. Wifi Hacker Tools For Windows
145. Hack Tools Pc
146. Best Pentesting Tools 2018
147. Pentest Tools Apk
148. Pentest Tools For Ubuntu
149. Bluetooth Hacking Tools Kali