Title : [writeups] Hack Dat Kiwi - SSL Sniff 1 (50)
Released : 2015-11-21 16:02:28 -0500

Description:

Link: http://c4c045.hack.dat.kiwi/forensics/ssl_sniff/dump.pcap

SSL Sniff 1 (Forensics)

We received a network capture file of an HTTPS request that was MITMd. Try to find the culprit.

 

Download the pcap file and open it in Wireshark. I found this request from the client:

17    0.551442000    172.16.168.1    172.16.168.158    TLSv1.2    236    Client Hello

Then the response from the server:

19    0.554530000    172.16.168.158    172.16.168.1    TLSv1.2    1456    Server Hello, Certificate, Server Key Exchange, Server Hello Done

Looking for "Key":

kiwi-sniff-1

uTF8String: Key-Is-dUs1mKl4\033[3

Flag: Key-Is-dUs1mKl4
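
The same inspection can be scripted instead of done by eye in Wireshark. The following is an added example, not part of the original writeup: it walks a TLS 1.2 handshake record like the one in frame 19, pulls each DER certificate out of the Certificate message, and lists the string-typed fields (the `uTF8String` values Wireshark displays). The function names are hypothetical, the input is a constructed and simplified DER name rather than a complete X.509 certificate, and the record is assumed to be already reassembled from the TCP stream.

```python
STRING_TAGS = {0x0C: "uTF8String", 0x13: "printableString", 0x16: "iA5String"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def der_strings(buf, start=0, end=None):
    """Yield (type_name, text) for every string field, descending into SEQUENCE/SET."""
    pos, end = start, len(buf) if end is None else end
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        if tag & 0x20:  # constructed element: recurse into its contents
            yield from der_strings(buf, vstart, vend)
        elif tag in STRING_TAGS:
            yield STRING_TAGS[tag], buf[vstart:vend].decode("utf-8", "replace")
        pos = vend

def certs_from_record(record):
    """Yield DER certificates from a TLS 1.2 handshake record (content type 22)."""
    ctype, rlen = record[0], int.from_bytes(record[3:5], "big")
    body, pos = record[5:5 + rlen], 0
    while ctype == 22 and pos + 4 <= len(body):
        htype, hlen = body[pos], int.from_bytes(body[pos + 1:pos + 4], "big")
        msg, p = body[pos + 4:pos + 4 + hlen], 3  # p skips certificate_list length
        while htype == 11 and p + 3 <= len(msg):  # 11 = Certificate
            clen = int.from_bytes(msg[p:p + 3], "big")
            yield msg[p + 3:p + 3 + clen]
            p += 3 + clen
        pos += 4 + hlen

def _tlv(tag, val):  # DER encoder for the sample only (short-form lengths)
    return bytes([tag, len(val)]) + val
def _hs(htype, body):  # wrap a handshake message body with its 4-byte header
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

def sample_record():  # constructed input: ServerHello stub + Certificate message
    atv = _tlv(0x30, bytes.fromhex("0603550403") + _tlv(0x0C, b"constructed-subject-CN"))
    cert = _tlv(0x30, _tlv(0x30, _tlv(0x31, atv)))  # simplified, not a full X.509 cert
    cert_list = len(cert).to_bytes(3, "big") + cert
    msgs = _hs(2, b"\x03\x03" + bytes(36)) + _hs(11, len(cert_list).to_bytes(3, "big") + cert_list)
    return bytes([22, 3, 3]) + len(msgs).to_bytes(2, "big") + msgs

if __name__ == "__main__":
    print([list(der_strings(c)) for c in certs_from_record(sample_record())])
```

Strings that look out of place in the subject or issuer of a certificate served during a handshake are a quick indicator that the certificate was substituted in transit.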