Before you Start Please Read Cryptography Section !

When a user requests a web page with HTTPS, the following happens:

  1. The client sends a "Hello" message to the server, which includes the version of SSL/TLS the client supports, a random number, and a list of ciphersuites that the client supports.
  2. The server responds with a "Hello" message, which includes the version of SSL/TLS the server supports, a random number, and the ciphersuite that will be used for the session. The server also sends its certificate to the client.
  3. The client checks the server's certificate to ensure that it is issued by a trusted CA and that it has not expired. The client also checks the certificate's signature to ensure that it has not been tampered with.
  4. If the certificate is valid, the client generates a session key and encrypts it using the server's public key (which is included in the certificate). The client then sends the encrypted session key to the server.
  5. The server decrypts the session key using its private key (which is not sent over the network) and the session key is now shared between the client and server. All subsequent communication between the client and server is encrypted using the session key.

Untitled

When a web server sends a certificate to a client during an HTTPS session, the client needs to validate the certificate to ensure that:

  1. The certificate is authentic and has not been tampered with
  2. The certificate is issued by a trusted certification authority (CA)
  3. The certificate is valid and has not expired

As you know all these are possible by validating the Certificate via CA’s(For example Google) public key.

Installing Our Certificate As An Valid CA

As you know to create a trust relationship between certificates chain, you can add your custom Root Certificate Authority. Now how we can do this just search about Install a certificate. Then add your BurpSuite Certificate. For downloading your burp Certificate, just set the proxy and then open http://burp on your browser. Then click on download certificate and change the extension from .der to .crt.