Awesome
TLS-Attacker-BurpExtension
The extension is based on the TLS-Attacker and developed by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations with Burp Suite.
Build
To compile the extension from source, you need to have Java and Maven installed, as well as TLS-Attacker in Version 3.3.1 and TLS-Scanner in Version 3.0.2.
$ mvn clean package
The extension has been tested with Java 1.8.
Installation
- Build the JAR file as described above, or download it from releases.
- Load the JAR file from the target folder into Burp's Extender.
Usage
Use the URL and port of the tested server and start the scan. The scan can last up to one minute, depending on the availability of the server. After the scan has been finished, you will find the following scanning output, for example:
Supported versions and cipher suites:
Analyzed attacks and vulnerabilities:
Resulting score based on the analyzed properties:
Recommendations to improve your implementation configuration:
