The extension is based on the TLS-Attacker and developed by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations with Burp Suite.
To compile the extension from source, you need to have Java and Maven installed, as well as TLS-Attacker in Version 3.3.1 and TLS-Scanner in Version 3.0.2.
$ mvn clean packageThe extension has been tested with Java 1.8.
- Build the JAR file as described above, or download it from releases.
- Load the JAR file from the target folder into Burp's Extender.
Use the URL and port of the tested server and start the scan. The scan can last up to one minute, depending on the availability of the server. After the scan has been finished, you will find the following scanning output, for example:
Supported versions and cipher suites:
Analyzed attacks and vulnerabilities:
Resulting score based on the analyzed properties:
Recommendations to improve your implementation configuration:
