In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.
You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases
TLS-Scanner
Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).
It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.
Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.
Scan History
If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.
Additional functions will follow in later versions
Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.
This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget. The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.