WPICTF 2021

Suspicious traffic

Solved by : thewhiteh4t

  • We are given a pcapng file containing HTTP traffic.
  • Some of the requests have extra characters in the data field.
  • They can be listed easily using tshark:
    tshark -r capture.pcapng -T fields -e http.file_data | grep "\S" | grep -v "html" | cut -d "\\" -f 1 | tr -d "\n"
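
To show what each stage of that pipeline keeps and drops, here is an added example (not part of the original write-up) that runs the same stages over constructed field output instead of the real capture. The sample lines, the function names, the recovered string `DEMO` and the assumed tshark output format are all illustrative, and `grep '[^[:space:]]'` stands in for `grep "\S"` for portability.

```shell
#!/bin/sh
# Constructed stand-in for `tshark -r capture.pcapng -T fields -e http.file_data`
# output. Assumed format: one line per packet, empty when there is no HTTP
# body, and the body's trailing line feed printed as the two characters \n.
sample_fields() {
    cat <<'EOF'

<html><body>index</body></html>\n
D\n

E\n
<html><body>about</body></html>\n
M\n
O\n
EOF
}

# The stages of the one-liner, reading tshark field output on stdin.
extract_extra_chars() {
    grep '[^[:space:]]' |   # drop packets without a body (blank lines)
    grep -v 'html' |        # drop ordinary HTML page bodies
    cut -d '\' -f 1 |       # keep what precedes the literal \n escape
    tr -d '\n'              # join the one-character fragments
}

# Label every input line with the decision the pipeline makes for it.
classify_fields() {
    while IFS= read -r line; do
        case $line in
            '')      echo 'skip-empty' ;;
            *html*)  echo 'skip-html' ;;
            *)       frag=${line%%\\*}   # strip from the first backslash on
                     printf 'keep:%s\n' "$frag" ;;
        esac
    done
}

sample_fields | classify_fields
printf 'recovered: %s\n' "$(sample_fields | extract_extra_chars)"
```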
Published on : 26 Apr 2021