Skip to content

tls-attacker/TLS-Attacker-BurpExtension

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TLS-Attacker-BurpExtension

The extension is based on the TLS-Attacker and developed by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations with Burp Suite.

Build

To compile the extension from source, you need to have Java and Maven installed, as well as TLS-Attacker in Version 3.3.1 and TLS-Scanner in Version 3.0.2.

$ mvn clean package

The extension has been tested with Java 1.8.

Installation

  • Build the JAR file as described above, or download it from releases.
  • Load the JAR file from the target folder into Burp's Extender.

Usage

Use the URL and port of the tested server and start the scan. The scan can last up to one minute, depending on the availability of the server. After the scan has been finished, you will find the following scanning output, for example:

Supported versions and cipher suites:

Alt text

Analyzed attacks and vulnerabilities:

Alt text

Resulting score based on the analyzed properties:

Alt text

Recommendations to improve your implementation configuration:

Alt text