cscg24-for1

CSCG 2024 Challenge 'Intro Forensics 1'
git clone https://git.sinitax.com/sinitax/cscg24-for1

commit e1d69b07da2ab15a29d0666304c8e4db7a94b1a2
Author: Louis Burda <quent.burda@gmail.com>
Date:   Mon,  1 Apr 2024 20:35:37 +0200

Add solution

Diffstat:
A chall/description | 1 +
A chall/intro-forensics-1.zip | 0
A solve/intro-forensics-1.pcapng | 0
A solve/solve | 11 +++++++++++
4 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/chall/description b/chall/description @@ -0,0 +1 @@ +First we will learn a little bit about Wireshark. For the beginning just start play around with Wireshark and their filters, look into the protocols and getting familar with the tool. Besides Reverse Engineering skills, recording the network traffic is an important part in the analysis of malware. diff --git a/chall/intro-forensics-1.zip b/chall/intro-forensics-1.zip Binary files differ. diff --git a/solve/intro-forensics-1.pcapng b/solve/intro-forensics-1.pcapng Binary files differ. diff --git a/solve/solve b/solve/solve @@ -0,0 +1,11 @@ +#!/usr/bin/env python3 + +from base64 import b64decode +import subprocess +import requests +import re + +cmd = "tshark -nr intro-forensics-1.pcapng -Y 'http' -T fields -e http.cookie" +output = subprocess.check_output(cmd, shell=True).decode().split("\n") +cookies = [[v for v in l.split("; ") if "token=" in v][0] for l in output if l.strip() != ""] +print("\n".join(cookies))
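Review bot: in solve/solve, the `cookies` comprehension takes `[0]` of the `token=` filter for every non-empty output line, so a single HTTP packet whose Cookie header carries no `token=` entry raises IndexError and the script prints nothing. Filtering on `"token=" in l` before indexing, or using `next(..., None)` and skipping the misses, avoids that. The imports `b64decode`, `requests` and `re` are not used anywhere in the 11 added lines and can be dropped until the code that needs them lands. The tshark command is a fixed string, so it can be passed as an argument list without `shell=True`. The capture is opened by the relative name `intro-forensics-1.pcapng`, which only resolves when the script is started from inside solve/; resolving it against the script's own directory would make that independent of the working directory.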