I suddenly felt like working through some traffic analysis challenges. I remembered that the offensive and defensive security lab has plenty of them, so I did those.
Traffic analysis challenges are generally solved with Wireshark (nobody should object to calling Wireshark the ace of traffic analysis tools).
Capture Afghanistan:
The challenge says to analyze the HTTP header, so filter directly on the http protocol.
Follow the stream.
In the response header we find CTF: dGhlRmxhZ0luSHR0cEhlYWRlcg==
At a glance this is base64 encoded, so decode it as well.
Capture Oman:
After downloading and unzipping, opening the file in Wireshark gives an error.
Of course, the challenge already hints that the pcap file is damaged and that a zip file also exists inside it, so let's use the Windows version of foremost to see whether a zip file can be carved out.
The carving yields a compressed archive; open the key file inside it.
Get the key.
Capture Angola:
After opening the capture, all the packets are TCP, so follow the stream directly.
Looking carefully at the data stream for a moment, we find CTF{
We can also see some_ on the next line, so find all the words that end with an underscore:
some_,leaks_,are_,good_,leaks_
So the final answer is CTF{some_leaks_are_good_leaks_}
Capture Australia:
The challenge gives a large traffic capture and asks for the website account and password. We first filter for HTTP traffic; accounts and passwords are generally submitted via POST, so we write the filter like this:
http.request.method==POST
Note that the second packet is /index.php?action=login&show_server_selection=1
Follow the HTTP stream.
At the bottom of the stream we find the user and password; piece them together as the challenge requires.
Capture Papua New Guinea:
Just follow the stream of any packet and the flag is there (an easy one).
Capture Congo (Brazzaville):
I spent a long time here. The filter I wrote was ftp
and I found nothing. I went back to the challenge text, which puts the focus on ftp-data.
Following the stream of the third data packet is enough.
Capture Costa Rica:
After opening the capture, all the packets are HTTP. Following the streams of a few packets at random shows a lot of text inside (although I did not read it),
along with PNG images hidden in the data stream.
So we use foremost or binwalk to carve them out.
The output contains quite a few pictures; no hurry, we look for the flag slowly.
View the properties of the first image, then analyze the image with StegSolve:
The flag appears in the lower left corner:
flag{J0hn_th3_Sn1ff3r}
This challenge tests a few more knowledge points than the previous ones.
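The carving step that foremost and binwalk perform in the Oman and Costa Rica challenges, as an added Python example (not part of the original write-up, and not those tools' code): it scans a byte blob for PNG and ZIP signatures and cuts each file out. The sample blob and the `key.txt` name are constructed, and the code assumes each embedded file is contiguous in the input.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"   # IEND chunk type followed by its fixed CRC
ZIP_SIG = b"PK\x03\x04"       # local file header
ZIP_EOCD = b"PK\x05\x06"      # end of central directory record

def carve(blob):
    """Return [(kind, offset, data)] for every PNG and ZIP found in blob."""
    found, pos = [], 0
    while (start := blob.find(PNG_SIG, pos)) != -1:
        end = blob.find(PNG_END, start)
        if end == -1:
            break  # image is truncated, nothing complete to cut out
        pos = end + len(PNG_END)
        found.append(("png", start, blob[start:pos]))
    pos = 0
    while (start := blob.find(ZIP_SIG, pos)) != -1:
        eocd = blob.find(ZIP_EOCD, start)
        if eocd == -1 or eocd + 22 > len(blob):
            break
        # EOCD is 22 bytes; its last 2 bytes give the trailing comment length
        pos = eocd + 22 + struct.unpack_from("<H", blob, eocd + 20)[0]
        found.append(("zip", start, blob[start:pos]))
    return sorted(found, key=lambda f: f[1])

def _png_chunk(kind, body):
    crc = struct.pack(">I", zlib.crc32(kind + body))
    return struct.pack(">I", len(body)) + kind + body + crc

def build_sample():
    """Constructed input: filler bytes around a 1x1 PNG and a ZIP with key.txt."""
    png = (PNG_SIG
           + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
           + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
           + _png_chunk(b"IEND", b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("key.txt", "constructed-sample-key")
    return b"\x00" * 24 + png + b"junk" + buf.getvalue() + b"tail"

if __name__ == "__main__":
    for kind, off, data in carve(build_sample()):
        print(kind, off, len(data))
```

When a file is spread over many packets, the packet headers sit between its pieces, so the stream has to be reassembled (Follow Stream, saved as raw) before carving.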
That's all for now; more next time.