
Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
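To illustrate what a basic "supported cipher suites and protocol versions" check involves, the following added example (not code from TLS-Scanner or the extension) classifies the first TLS record a server returns after a ClientHello that offers a single version and cipher suite. The function names, lookup tables and sample records are constructed for this illustration.

```python
import struct

# Partial lookup tables, enough for the constructed samples below.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def classify_probe_response(data: bytes) -> dict:
    """Interpret the first TLS record a server returns for one ClientHello probe."""
    if len(data) < 5:
        return {"result": "no_tls_response"}
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return {"result": "truncated_record"}
    if ctype == 21 and length == 2:  # plaintext alert: level, description
        return {"result": "rejected", "alert": ALERTS.get(body[1], str(body[1]))}
    if ctype == 22 and length >= 4 and body[0] == 2:  # handshake, ServerHello
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        # Layout: version(2) random(32) session_id_len(1) session_id suite(2) ...
        if len(hello) < 35 or len(hello) < 37 + hello[34]:
            return {"result": "malformed_server_hello"}
        sid_len = hello[34]
        version = int.from_bytes(hello[:2], "big")
        suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
        # TLS 1.3 servers put 0x0303 here and signal 1.3 in an extension,
        # which this sketch does not parse.
        return {"result": "accepted",
                "version": VERSIONS.get(version, hex(version)),
                "suite": SUITES.get(suite, hex(suite))}
    return {"result": "unexpected_record"}

def build_server_hello(version: int, suite: int) -> bytes:
    """Construct a minimal ServerHello record (sample data, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

# Constructed sample responses, not captured from a real server.
SAMPLE_ACCEPT = build_server_hello(0x0303, 0xC02F)
SAMPLE_REJECT = struct.pack("!BHHBB", 21, 0x0303, 2, 2, 40)  # fatal handshake_failure

if __name__ == "__main__":
    for name, sample in (("accept", SAMPLE_ACCEPT), ("reject", SAMPLE_REJECT)):
        print(name, classify_probe_response(sample))
```

Repeating such a probe once per version and cipher suite yields the list of what the server accepts, which is the data a configuration report is built from.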

Furthermore, the extension allows fine-tuning the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.