Monday, 22 January 2024

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.