Suspicious traffic Writeup
WPICTF 2021
Solved by: thewhiteh4t
- We are given a pcapng file containing some HTTP traffic.
- Some of the requests have extra characters in the data field.
- These can be listed easily using tshark:
tshark -r capture.pcapng -T fields -e http.file_data | grep "\S" | grep -v "html" | cut -d "\\" -f 1 | tr -d "\n"
WPI{su3p1ci0uS_htTp}
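The filter stages of the tshark one-liner above, run over constructed input so the effect of each stage is visible without the capture file. This is an added example, not part of the original writeup; the sample lines and the function names `sample_fields` and `extract_extra_chars` are assumptions, with the line shape (one line per packet, trailing newline shown as a literal `\n`) inferred from the `cut -d "\\"` step.

```shell
#!/bin/sh
# Constructed stand-in for `tshark -r capture.pcapng -T fields -e http.file_data`.
# Assumed shape: one line per packet, empty when the packet carries no HTTP
# body, and a trailing newline in the body printed as a literal backslash-n.
sample_fields() {
    printf '%s\n' \
        '' \
        '<html><body>index</body></html>\n' \
        'D\n' \
        '' \
        'E\n' \
        '<html><body>about</body></html>\n' \
        'M\n' \
        '' \
        'O\n'
}

# Same stages as the one-liner, reading the field output on stdin.
# [^[:space:]] is the portable spelling of GNU grep's \S.
extract_extra_chars() {
    grep '[^[:space:]]' |   # drop lines from packets with no HTTP body
    grep -v 'html' |        # drop ordinary HTML page bodies
    cut -d '\' -f 1 |       # keep only the text before the escaped trailer
    tr -d '\n'              # join the per-request fragments into one string
}

# Run the filter over the constructed sample and end with a newline.
sample_fields | extract_extra_chars
echo
```
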