BurpSuite has a scanner builtin that allows you to scan a URL or URLs and this will give you an output of what is vulnerabilities or misconfigurations are set. A simple thing may be the SSL certificate on your Exchange server, while you may think this is not significant, this can be leveraged in an attack as it is a weak point.
Let’s look at this example against my Exchange 2019 server. The scan revealed multiple issues but the SSL certificate one is what is highlighted below:
The image is is large so it has a lot of content but on the right hand side, you can see under the Advisory section, it lists the issue and below that also lists the vulnerability classifications:
Other issues highlighted on Exchange Server 2019 is shown below:
You can see that there are a number of items that BurpSuite picked up and you can drill into each to understand what it means and how to resolve it. BurpSuite actually provides you with an “Issue Remediation” section on some of the items. The TLS Certificate ones should be self explanatory, meaning you need to ensure that the SSL certificate you are using is valid, has not expired etc.
If you have access to the tools, run it against your site, remember you should only scan what you are allowed to and have been given permission to, hence me showing you my lab as I am the owner of the lab.
The exploits on my other blogs are carried out against my lab machines. Everything you do also creates a lot of noise, so if you doing this in your company after getting permission, inform the SOC team or Security Team what you doing so they do not think an attack is being carried out.
Hope it helps.
