Home

Awesome

TLS-Attacker-BurpExtension

The extension is based on the TLS-Attacker and developed by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations with Burp Suite.

Build

To compile the extension from source, you need to have Java and Maven installed, as well as TLS-Attacker in Version 3.3.1 and TLS-Scanner in Version 3.0.2.

$ mvn clean package

The extension has been tested with Java 1.8.

Installation

Usage

Use the URL and port of the tested server and start the scan. The scan can last up to one minute, depending on the availability of the server. After the scan has been finished, you will find the following scanning output, for example:

Supported versions and cipher suites:

Alt text

Analyzed attacks and vulnerabilities:

Alt text

Resulting score based on the analyzed properties:

Alt text

Recommendations to improve your implementation configuration:

Alt text