In this post, we present our new Burp Suite extension "TLS-Attacker".
Using this extension, penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.
You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases
TLS-Scanner
Thanks to the seamless integration of the TLS-Scanner into Burp Suite, the penetration tester only needs to configure a single parameter: the host to be scanned. After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration. Basic tests check the supported cipher suites and protocol versions. In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.
Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner. The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).
It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.
Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.
Scan History
If several hosts are scanned, the Scan History tab keeps track of the performed scans and is a useful tool when comparing the results of subsequent scans.
Additional functions will follow in later versions
Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.
This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget. The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.