Capturing malware SSL using Burp

Burp Suite is one of the best tools available for web application testing. Its wide variety of features helps us perform various tasks including: intercepting a request and modifying it on the fly, scanning a web application for vulnerabilities, brute forcing login forms, performing a check for the randomness of session tokens, and many other functions. In this article we will be doing a complete walkthrough of Burp Suite discussing all its major features.

Some of the features are:

  1. Proxy
  2. Spider
  3. Repeater
  4. Sequencer
  5. Scanner
  6. Intruder
  7. Decoder
  8. Comparer


Malware is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs. The majority of active malware threats are usually worms or trojans rather than viruses.

Malware SSL:

We are using the following application to test:

When the capture of the traffic on Wireshark the traffic is encrypted as it goes over SSL so we cannot decode the SSL certificate.

When we open the application on the browser we do not get any kind of indication that the SSL certificate is not valid.

But when we use the burp proxy we are able to decode the malformed SSL. Burp shows that the SSL certificate is not valid.

Expires: Thu, 01 Jan 1970 00:00:00 GMT

The expiration date shown above confirms that the SSL certificate is malformed.


You must Sign-In to post a comment.