Friday, June 2, 2023

Scanning TLS Server Configurations With Burp Suite

In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

TLS-Scanner

Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
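To make the "basic tests" concrete, here is a minimal protocol-version check written with Python's standard ssl module. It is an added example, not code from TLS-Scanner or the extension; the function names and the localhost:8443 target are assumptions, and it covers only the versions the local OpenSSL build can offer.

```python
import socket
import ssl

# Versions the local ssl module can pin a handshake to (SSLv3 is out of reach).
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
DEPRECATED = {"TLSv1", "TLSv1_1"}  # deprecated by RFC 8996


def handshake(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single protocol version.

    Returns the selected cipher suite, or None if no session was established
    (which can also mean the local OpenSSL build refuses that version).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # auditing configuration, not identity
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError):
        return None


def scan_versions(host, port=443, probe=handshake):
    """Map each protocol version name to the negotiated suite (or None)."""
    return {v.name: probe(host, port, v) for v in VERSIONS}


def findings(results):
    """Turn probe results into report lines, flagging deprecated versions."""
    lines = []
    for name, suite in results.items():
        if suite is None:
            lines.append(f"{name}: not negotiated")
        elif name in DEPRECATED:
            lines.append(f"{name}: ACCEPTED, deprecated, disable it ({suite})")
        else:
            lines.append(f"{name}: accepted ({suite})")
    return lines


if __name__ == "__main__":
    print("\n".join(findings(scan_versions("localhost", 8443))))  # placeholder target
```

A "not negotiated" line is weaker evidence than an accepted one, because a hardened client library may refuse to offer TLS 1.0 or 1.1 at all; a scanner that brings its own TLS stack does not have that blind spot.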

Furthermore, the extension allows fine-tuning the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

Scan History 

If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.

Additional functions will follow in later versions

Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.