Forensics – WebNet0

WebNet0 - 350pt


We found this packet capture and key. Recover the flag.


Try using a tool like Wireshark.
How can you decrypt the TLS stream?


Open the pcap file with Wireshark. The pcap file contains TLS traffic between a server and a client, so the traffic is encrypted with keys negotiated in the Secure Sockets Layer (SSL/TLS) handshake. Since we have the key file, we can go to Edit > Preferences > Protocols > SSL and insert the key file.
The application data packets that were encrypted will now render as HTTP data. Packet 32 contains the field Pico-Flag, which holds the flag.

