TLS-Attacker – Java-based Framework for Analyzing TLS Libraries

We use TLS today on most our online communication to transmit sensitive information such as passwords, tokens or any private details. Many protocols use the TLS as an add on to encrypt and protect the information. If you are looking to pentest TLS you can check TLS-Attacker.

This is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.

TLS-Attacker consists of several (maven) projects:

  • Transport: Transport utilities for TCP and UDP.
  • ModifiableVariable: Contains modifiable variables that allow one to execute (specific as well as random) variable modifications during the protocol flow. ModifiableVariables are used in the protocol messages.
  • TLS: Protocol implementation, currently (D)TLS1.2 compatible.
  • Attacks: Implementation of some well-known attacks and tests for these attacks.
  • Fuzzer: Fuzzing framework implemented on top of the TLS-Attacker functionality.

TLS-Attacker is a Java-based framework for analyzing TLS libraries

Currently the tool support the following versions/features:

  • TLS versions 1.0 (RFC-2246), 1.1 (RFC-4346) and 1.2 (RFC-5246)
  • DTLS 1.2 (RFC-6347)
  • (EC)DH and RSA key exchange algorithms
  • AES CBC cipher suites
  • Extensions: EC, EC point format, Heartbeat, Max fragment length, Server name, Signature and Hash algorithms
  • TLS client and server

You can read more about this tool over this link: