viernes, 19 de enero de 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

Related word


  1. Hacker Tools Mac
  2. Hacker Tools Apk
  3. Hacker Tools Hardware
  4. How To Install Pentest Tools In Ubuntu
  5. Hacker Tools For Windows
  6. Pentest Tools For Ubuntu
  7. Usb Pentest Tools
  8. Hacker Tools Hardware
  9. Hacking Tools Github
  10. Hacks And Tools
  11. Hacking Tools And Software
  12. Hack Apps
  13. Hacking Tools For Beginners
  14. Hack App
  15. Hacker Tools For Ios
  16. Hack Tools For Ubuntu
  17. Pentest Tools Online
  18. Pentest Tools Url Fuzzer
  19. Hack Tools For Games
  20. World No 1 Hacker Software
  21. Pentest Tools Framework
  22. Hack Tools For Games
  23. What Are Hacking Tools
  24. Pentest Tools Find Subdomains
  25. Hacking Apps
  26. Nsa Hack Tools Download
  27. Hacking Tools For Windows 7
  28. New Hack Tools
  29. Hack Tools
  30. Android Hack Tools Github
  31. Hacking Tools For Windows
  32. Hacking Tools Github
  33. Nsa Hack Tools
  34. Hacker Tools Mac
  35. Computer Hacker
  36. Growth Hacker Tools
  37. Hack Tools For Windows
  38. Hacking Tools Pc
  39. Hacking Tools And Software
  40. Pentest Tools Website
  41. Hacking Tools Software
  42. Hack Tools Mac
  43. Hacking Tools Software
  44. How To Install Pentest Tools In Ubuntu
  45. Pentest Tools For Mac
  46. Pentest Tools Find Subdomains
  47. Hacker Tools Online
  48. Install Pentest Tools Ubuntu
  49. Hack Tools For Games
  50. Hacker Tools Mac
  51. What Is Hacking Tools
  52. Hacker Tools For Mac
  53. Pentest Tools Open Source
  54. Hacker Security Tools
  55. Hack Tools Pc
  56. Pentest Tools List
  57. Pentest Reporting Tools
  58. Hacking Tools Free Download
  59. Hacking Tools Download
  60. Hacker Tools Linux
  61. Hack And Tools
  62. Hacking Tools For Kali Linux
  63. Best Pentesting Tools 2018
  64. Hacker
  65. Hack Tool Apk
  66. Hack App
  67. Hacking Tools Github
  68. Pentest Tools Android
  69. World No 1 Hacker Software
  70. Pentest Tools For Ubuntu
  71. Best Hacking Tools 2020
  72. Hacker Tool Kit
  73. Game Hacking
  74. Hacking Tools Usb
  75. Hacking App
  76. Game Hacking
  77. What Is Hacking Tools
  78. Hacker Tools Windows
  79. Hacking Tools For Windows 7
  80. Kik Hack Tools
  81. Tools For Hacker
  82. Hack Tools
  83. Hacker Security Tools
  84. Hack Tools For Mac
  85. Pentest Tools For Android
  86. Growth Hacker Tools
  87. What Is Hacking Tools
  88. Hacker Tools Software
  89. Hacking App
  90. Pentest Box Tools Download
  91. Hacker Security Tools
  92. Blackhat Hacker Tools
  93. Hacking Tools Windows 10
  94. Pentest Tools Apk
  95. Ethical Hacker Tools
  96. Hackrf Tools
  97. Hak5 Tools
  98. Pentest Tools Android
  99. Hacker Tools For Windows
  100. Pentest Tools For Mac
  101. How To Hack
  102. Ethical Hacker Tools
  103. Hacker Tools Apk
  104. Hacking Tools Github
  105. Pentest Tools Apk
  106. Hacking Tools Free Download
  107. Hacker Tools For Windows
  108. Hack Tools Pc
  109. Pentest Tools Tcp Port Scanner
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)