Title : [writeups] Hack Dat Kiwi - SSL Sniff 1 (50)
Released : 2015-11-21 16:02:28 -0500


Link: http://c4c045.hack.dat.kiwi/forensics/ssl_sniff/dump.pcap

SSL Sniff 1 (Forensics)

We received a network capture file of an HTTPS request that was MITMd. Try to find the culprit.


Download the pcap file and open it in Wireshark. I found this request from the client:

17    0.551442000    TLSv1.2    236    Client Hello

followed by the response from the server:

19    0.554530000    TLSv1.2    1456    Server Hello, Certificate, Server Key Exchange, Server Hello Done

Searching for "Key" gives:


uTF8String: Key-Is-dUs1mKl4\033[3

Flag: Key-Is-dUs1mKl4
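
The same search can be scripted. As an added example (not part of the original writeup), this Python code walks the ASN.1 DER bytes of a certificate, lists every string-typed field such as uTF8String, and escapes control bytes like the \033 seen above before printing. The sample bytes and the helper names are constructed for illustration, and it assumes the certificate bytes were already exported from the capture (for instance with Wireshark's "Export Packet Bytes").

```python
# Added example: list string fields in a DER-encoded certificate.
STRING_TAGS = {0x0C: "uTF8String", 0x13: "printableString", 0x16: "iA5String"}

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the element at pos."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER element overruns its container")
    return tag, pos, pos + length

def cert_strings(der, start=0, end=None):
    """Return [(type_name, text)] for each string value, descending into
    constructed elements (SEQUENCE, SET, [n]); BIT/OCTET STRINGs are skipped."""
    end = len(der) if end is None else end
    out, pos = [], start
    while pos < end:
        tag, vstart, vend = read_tlv(der, pos, end)
        if tag & 0x20:
            out += cert_strings(der, vstart, vend)
        elif tag in STRING_TAGS:
            out.append((STRING_TAGS[tag], der[vstart:vend].decode("utf-8", "replace")))
        pos = vend
    return out

def safe(text):
    """Escape non-printable characters so a field cannot drive the terminal."""
    return "".join(c if c.isprintable() else c.encode("unicode_escape").decode("ascii")
                   for c in text)

def _tlv(tag, value):                    # short-form encoder, used only for the sample
    return bytes([tag, len(value)]) + value

# Constructed sample: a Name with one commonName (OID 2.5.4.3) holding a marker string.
SAMPLE = _tlv(0x30, _tlv(0x31, _tlv(0x30,
    _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, b"Key-Is-EXAMPLE\x1b[3"))))

if __name__ == "__main__":
    for kind, text in cert_strings(SAMPLE):
        print(f"{kind}: {safe(text)}")
```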