ဧည္႔စရင္း


Amazing Counters

hit counter

Wednesday, May 31, 2023

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
Related word

  1. Hack Rom Tools
  2. Wifi Hacker Tools For Windows
  3. Github Hacking Tools
  4. Usb Pentest Tools
  5. World No 1 Hacker Software
  6. New Hack Tools
  7. Hacker Tools Windows
  8. Pentest Tools Free
  9. Hacking Tools
  10. Hacking Tools Name
  11. Hacker Tools Software
  12. Pentest Tools Open Source
  13. Tools Used For Hacking
  14. Pentest Tools Free
  15. Github Hacking Tools
  16. Hacking Tools And Software
  17. Hack Tools Online
  18. Hacking Tools And Software
  19. Hacker Tools Windows
  20. New Hack Tools
  21. New Hack Tools
  22. Hacking Tools
  23. Hacking Tools For Pc
  24. Hacker Techniques Tools And Incident Handling
  25. Nsa Hack Tools
  26. Hack Tool Apk No Root
  27. Pentest Tools
  28. Hacking Tools Pc
  29. Hacking Tools For Windows Free Download
  30. Hacker Tools For Windows
  31. Hacker Tools Software
  32. Best Pentesting Tools 2018
  33. Hackrf Tools
  34. Pentest Tools Subdomain
  35. Hacking Tools Mac
  36. Hack Tools For Windows
  37. Hacker Tools Apk Download
  38. Hack Tools
  39. Pentest Tools Free
  40. Hacker Tools Windows
  41. Pentest Tools For Android
  42. Tools For Hacker
  43. Pentest Tools Alternative
  44. Hacker Tools Hardware
  45. Hacking Tools For Kali Linux
  46. Hacking App
  47. Free Pentest Tools For Windows
  48. Pentest Tools Review
  49. Hack Tools Pc
  50. Tools 4 Hack
  51. Pentest Tools Framework
  52. Hacking Apps
  53. How To Install Pentest Tools In Ubuntu
  54. Hacker Tools List
  55. Hacker Tools Apk Download
  56. Hacker Tools Hardware
  57. What Are Hacking Tools
  58. Hacker Tools For Mac
  59. Hacker Hardware Tools
  60. Pentest Tools Website
  61. Hacker Tools Apk
  62. Hacking Apps
  63. Pentest Tools Url Fuzzer
  64. Hacking Tools Usb
  65. Hacking Tools For Windows Free Download
  66. Hacker Tools For Mac
  67. Hack Tools
  68. Android Hack Tools Github
  69. Hack App
  70. Hacker Tools Apk
  71. Hack And Tools
  72. Ethical Hacker Tools
  73. Best Hacking Tools 2020
  74. Hacker Hardware Tools
  75. Hacker Tools Mac
  76. Hacker Tools Mac
  77. Nsa Hack Tools
  78. Pentest Tools Online
  79. Hacking Tools Free Download
  80. Hacking Tools Free Download
  81. Pentest Box Tools Download
  82. Hack Website Online Tool
  83. Physical Pentest Tools
  84. Hacker Tools Apk Download
  85. Hack Tools
  86. Nsa Hack Tools Download
  87. Hacker Tools Apk
  88. Pentest Tools Nmap
  89. Black Hat Hacker Tools
  90. Hack App
  91. Tools For Hacker
  92. Growth Hacker Tools
  93. Hack And Tools
  94. Pentest Tools Linux
  95. Pentest Automation Tools
  96. Pentest Tools Linux
  97. Hacker Tools Online
  98. Hacking Tools Kit
  99. Hackrf Tools
  100. Hacking Tools For Games
  101. Hacker
  102. Pentest Tools Framework
  103. Hacker Tools Github
  104. Install Pentest Tools Ubuntu
  105. Usb Pentest Tools
  106. Pentest Tools Website
  107. Hack Tools For Ubuntu
  108. New Hack Tools
  109. Hacking Tools Mac
  110. How To Hack
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)