In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.
You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases
TLS-Scanner
Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and returns a report that allows penetration testers to quickly identify potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).
It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.
Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.
Scan History
If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.
Additional functions will follow in later versions
Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.
This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget. The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.