Ethereum Miner - Mine and Earn free Ethereum Doloca.net: Online Booking - Hotels and Resorts, Vacation Rentals and Car Rentals, Flight Bookings, Activities and Festivals, Tour

Thursday, January 25, 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

More articles


  1. Hack Tools
  2. Best Hacking Tools 2019
  3. Pentest Tools For Ubuntu
  4. Install Pentest Tools Ubuntu
  5. Hack Tools
  6. Pentest Tools Alternative
  7. Pentest Tools Port Scanner
  8. Hack Tool Apk
  9. Hack Tools
  10. Hack Tools For Mac
  11. Hacking App
  12. Hacker Tools For Windows
  13. Hacking Tools 2019
  14. Hacking Tools For Beginners
  15. Free Pentest Tools For Windows
  16. Hacking Tools For Beginners
  17. Hack Apps
  18. Hack And Tools
  19. Hacking Tools 2019
  20. Growth Hacker Tools
  21. Hacking Tools Kit
  22. Hacking Tools And Software
  23. Hacker Tools Windows
  24. Pentest Tools Kali Linux
  25. Hack Tools Mac
  26. Hacker Tool Kit
  27. Hacker Tools For Pc
  28. Hacks And Tools
  29. Nsa Hack Tools
  30. Wifi Hacker Tools For Windows
  31. Hacker Tools Mac
  32. Hacker Tools 2019
  33. Pentest Tools Windows
  34. Beginner Hacker Tools
  35. New Hacker Tools
  36. Hack Tools For Pc
  37. Hacking App
  38. Hak5 Tools
  39. Pentest Tools Windows
  40. Tools Used For Hacking
  41. Hacker Tools 2019
  42. Game Hacking
  43. Best Hacking Tools 2019
  44. Hak5 Tools
  45. Pentest Tools Find Subdomains
  46. Blackhat Hacker Tools
  47. Hacking Tools 2020
  48. Hacker Tools Mac
  49. Pentest Tools Framework
  50. Pentest Tools Review
  51. Pentest Tools Url Fuzzer
  52. Pentest Tools Linux
  53. Hacks And Tools
  54. Hacking Tools 2020
  55. Hack Tools Mac
  56. Hack Tools Online
  57. Hacking Tools Pc
  58. Hacking Tools For Windows Free Download
  59. Pentest Tools Find Subdomains
  60. Nsa Hack Tools Download
  61. Pentest Recon Tools
  62. Github Hacking Tools
  63. Tools 4 Hack
  64. Pentest Tools Url Fuzzer
  65. Hacker Tools For Ios
  66. Pentest Tools Bluekeep
  67. New Hacker Tools
  68. Computer Hacker
  69. Hack Tools For Mac
  70. Pentest Tools Framework
  71. Hacking Tools For Games
  72. Hack Website Online Tool
  73. Nsa Hack Tools
  74. Hack App
  75. What Are Hacking Tools
  76. Hack Tools 2019
  77. Pentest Tools Kali Linux
  78. Best Hacking Tools 2020
  79. Android Hack Tools Github
  80. Best Hacking Tools 2019
  81. Black Hat Hacker Tools
  82. Pentest Reporting Tools
  83. Hacking Tools Windows 10
  84. Hacking Tools For Windows Free Download
  85. Hack Tools Download
  86. Hackers Toolbox
  87. Pentest Tools Port Scanner
  88. Hacking Tools Mac
  89. Hack Tools Online
  90. Ethical Hacker Tools
  91. Pentest Recon Tools
  92. Hacker Tools Hardware
  93. Hacking Tools Online
  94. Hacking Tools For Mac
  95. Pentest Tools Apk
  96. Hack Website Online Tool
  97. Pentest Tools Bluekeep
  98. New Hacker Tools
  99. Hacking Tools Windows
  100. Hak5 Tools
  101. Hacking Tools Hardware
  102. Hack App
  103. Pentest Tools Open Source
  104. Pentest Tools Alternative
  105. Pentest Automation Tools
  106. Pentest Recon Tools
  107. Tools 4 Hack
  108. Pentest Tools Bluekeep
  109. Pentest Reporting Tools
  110. Pentest Tools Bluekeep
  111. Hacker Tools 2020
  112. Pentest Tools Find Subdomains
  113. Computer Hacker
  114. New Hack Tools
  115. Hackrf Tools
  116. Hack Tools
  117. Game Hacking
  118. What Is Hacking Tools
  119. Hacker Tools Hardware
  120. Hackrf Tools
  121. Beginner Hacker Tools
  122. Hacker Tools For Ios
  123. Hacking Tools Online
  124. Hacker Tools Linux
  125. Github Hacking Tools
  126. Hacker Tools 2020
  127. Hacker Tools Free Download
  128. Hacking Tools Download
  129. Hacking Tools Software
  130. Hacking Tools For Mac
  131. Hack Tools For Ubuntu
  132. Best Hacking Tools 2020
  133. Termux Hacking Tools 2019
  134. Pentest Tools Url Fuzzer
  135. Wifi Hacker Tools For Windows
  136. New Hack Tools
  137. Termux Hacking Tools 2019
  138. Beginner Hacker Tools
  139. Computer Hacker
  140. Pentest Tools Linux
  141. New Hack Tools
  142. Beginner Hacker Tools
  143. Hack Tools For Pc
  144. New Hack Tools
  145. How To Hack
  146. Hack Tools Github
  147. Hacker Tool Kit
  148. Hacking Tools Hardware
  149. What Is Hacking Tools
  150. Hack Tools For Games
  151. Pentest Recon Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Ethereum Miner - Mine and Earn free Ethereum