Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.

More info

1. Hack Tools
2. Hacking Tools 2019
3. Hacking Tools Software
4. Hacking Tools For Windows Free Download
5. Hacking Tools
6. Bluetooth Hacking Tools Kali
7. Pentest Tools Bluekeep
8. Pentest Tools Open Source
9. Hacking Tools 2020
10. Hack Tool Apk
11. Hacking Tools Windows
12. How To Install Pentest Tools In Ubuntu
13. Hacking Tools For Windows Free Download
14. Hack App
15. Pentest Tools Website Vulnerability
16. New Hacker Tools
17. Hacking Tools Software
18. Hackrf Tools
19. Tools For Hacker
20. Android Hack Tools Github
21. Hacking Tools Windows 10
22. Pentest Automation Tools
23. Hacking Tools For Windows 7
24. Pentest Tools Download
25. Hacker Tools For Pc
26. Hacking Tools For Kali Linux
27. Blackhat Hacker Tools
28. Pentest Tools Download
29. Hacker Tools Apk
30. Hacking Tools For Windows
31. Hacking Tools Kit
32. Hack Apps
33. Pentest Tools Online
34. Android Hack Tools Github
35. Hack Tools 2019
36. Hack Tools For Ubuntu
37. Hack Tools For Games
38. Hacking Tools Usb
39. Pentest Tools Open Source
40. Pentest Tools Free
41. Hack Tools
42. Usb Pentest Tools
43. Computer Hacker
44. Hacker Tools Software
45. Hacker Tools For Ios
46. Hacking Tools 2020
47. Pentest Tools Port Scanner
48. Hacker Tools List
49. Best Pentesting Tools 2018
50. Hacking Tools 2020
51. Hacking Tools And Software
52. Pentest Tools Apk
53. Hacking Tools For Pc
54. Pentest Tools Bluekeep
55. Hacker Tools For Mac
56. Pentest Tools Nmap
57. Pentest Tools Subdomain
58. Tools Used For Hacking
59. Pentest Tools Bluekeep
60. Hacking Tools Windows
61. Hacker Search Tools
62. World No 1 Hacker Software
63. Pentest Tools Open Source
64. Hacker Tools Online
65. Tools Used For Hacking
66. Hack Tool Apk
67. Hacker Tools
68. Pentest Tools Windows
69. Hacker Hardware Tools
70. Hacker Tools Apk
71. Hacking Tools For Beginners
72. Hack Tool Apk No Root
73. Hack Rom Tools
74. New Hack Tools
75. Hacker Search Tools
76. Pentest Tools For Android
77. Hack Tool Apk
78. Hacking Tools Windows 10
79. Hacker Tools For Mac
80. Game Hacking
81. Hackrf Tools
82. What Are Hacking Tools
83. Hacking Tools For Windows
84. Hacker Tools For Windows
85. Hacking Tools Software
86. Pentest Tools Nmap
87. Hack Tools For Ubuntu
88. How To Make Hacking Tools
89. Hacking Tools Windows
90. Pentest Tools Url Fuzzer
91. Hacking Tools Software
92. Computer Hacker
93. Hacking Tools
94. Github Hacking Tools
95. Tools For Hacker
96. What Are Hacking Tools
97. Pentest Tools List
98. How To Make Hacking Tools
99. Tools 4 Hack
100. Pentest Tools Kali Linux
101. Bluetooth Hacking Tools Kali
102. Hacking Tools For Windows
103. Hacker Tools 2020
104. Hacker Tools Mac
105. Hacker Tools List
106. Pentest Recon Tools
107. Hacking Tools For Pc
108. Hacker Hardware Tools
109. Pentest Tools For Mac
110. Bluetooth Hacking Tools Kali
111. Computer Hacker
112. Tools For Hacker
113. Hacking Tools For Windows 7
114. Best Hacking Tools 2020
115. Hacking Tools Free Download
116. Hack Tools Mac
117. Pentest Reporting Tools
118. Hacking Tools For Pc
119. Pentest Tools Website Vulnerability
120. Hacks And Tools
121. Hack Tools For Games
122. Pentest Tools Github
123. Pentest Tools Website Vulnerability
124. Black Hat Hacker Tools
125. Pentest Recon Tools