Monday, January 22, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

More articles


  1. Pentest Tools Nmap
  2. Hack Tools 2019
  3. Hacker Tools Linux
  4. Pentest Tools Find Subdomains
  5. Hack Tools Mac
  6. Install Pentest Tools Ubuntu
  7. Hacking Tools Github
  8. Pentest Tools Review
  9. Pentest Tools
  10. Hack Tools Pc
  11. Hacking Tools For Games
  12. Beginner Hacker Tools
  13. Pentest Reporting Tools
  14. What Is Hacking Tools
  15. Pentest Recon Tools
  16. Hacking Tools For Windows
  17. Hacking Tools Download
  18. Hacking Tools Software
  19. Pentest Tools Url Fuzzer
  20. Hacker Tools Hardware
  21. Pentest Tools Website
  22. Pentest Tools Framework
  23. Pentest Tools Linux
  24. Hacker Tools For Ios
  25. Hacker Tools Free
  26. Best Hacking Tools 2020
  27. Pentest Tools Nmap
  28. Blackhat Hacker Tools
  29. Hacker Tools For Windows
  30. Hacker Tools Github
  31. Hacking Tools Hardware
  32. Tools Used For Hacking
  33. Pentest Recon Tools
  34. Pentest Tools Alternative
  35. Bluetooth Hacking Tools Kali
  36. Hacking Tools For Windows 7
  37. Hacker Tools 2019
  38. Hacking Tools Software
  39. Hacking Tools For Windows Free Download
  40. Pentest Tools For Mac
  41. Pentest Tools Android
  42. Hacker Techniques Tools And Incident Handling
  43. Hacker Tools Github
  44. Hacking Tools For Windows Free Download
  45. Hack Tool Apk No Root
  46. Pentest Tools For Ubuntu
  47. Hack And Tools
  48. Hacking Tools Online
  49. Hack Tools Pc
  50. Blackhat Hacker Tools
  51. Hacking Tools For Windows 7
  52. Pentest Tools Bluekeep
  53. Hacking Tools For Windows 7
  54. What Is Hacking Tools
  55. Nsa Hack Tools
  56. Wifi Hacker Tools For Windows
  57. Underground Hacker Sites
  58. Hacker Security Tools
  59. Hacking Apps
  60. Hacker Tools For Ios
  61. Pentest Tools For Windows
  62. Pentest Tools Framework
  63. Hacking Tools For Mac
  64. Pentest Tools Website Vulnerability
  65. Pentest Tools Download
  66. Hack Tools
  67. Hacker Tools Online
  68. Pentest Tools Online
  69. Hacker Tools Free Download
  70. What Are Hacking Tools
  71. Hack Tools For Mac
  72. Hacker
  73. Hack Apps
  74. Hack Tools
  75. What Are Hacking Tools
  76. Hack Tools For Windows
  77. Black Hat Hacker Tools
  78. Pentest Tools Online
  79. Github Hacking Tools
  80. Hacker Tools For Windows
  81. Hacks And Tools
  82. Hack Tools For Pc
  83. Pentest Recon Tools
  84. Hacking Tools And Software
  85. Ethical Hacker Tools
  86. Pentest Tools Framework
  87. Hack Tools Download
  88. Hack Tools For Games
  89. Nsa Hack Tools
  90. Hacker Tools For Mac
  91. Hack Tools Online
  92. Free Pentest Tools For Windows
  93. Blackhat Hacker Tools
  94. Hacking Tools 2020
  95. Best Hacking Tools 2020
  96. Hacking Tools For Kali Linux
  97. Hackers Toolbox
  98. Pentest Automation Tools
  99. Pentest Box Tools Download
  100. Hack Tools Online
  101. Hacking Tools And Software
  102. Pentest Tools Website Vulnerability
  103. Hack Website Online Tool
  104. Hacker Tools For Mac
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)