
decrypting ssl traffic

asked 2019-11-10 14:29:25 +0000 by ismaeel_ali

updated 2019-11-10 17:06:41 +0000 by grahamb

Hi all,

I have been given 2 tasks using Wireshark, and being a new user of the software, I am a tiny bit stumped about it.

The explanation of what we were meant to do is as follows: "Use the files located in LabFiles/Wireshark-TLS
Decrypt SSL traffic in the Wireshark interface
Identify the online service that was used to exfiltrate stolen data
Identify the flag in the POSTed data."

Our questions to do the task are the following:
1) "What domain was used to exfiltrate the data?"
2) "What is the Flag?"
3) "What is the unique ID that was assigned to the submitted data?"


Comments

As this is a homework question we can't simply give you the answers, what have you tried?

grahamb ( 2019-11-10 17:07:33 +0000 )

I have tried to navigate Wireshark and look online for solutions, to no avail. I thought a forum would be my next best bet. A-Levels they said, it will be fun they said. @grahamb

ismaeel_ali ( 2019-11-10 20:34:29 +0000 )

Presumably there was some intro to the subject in the class, have you reviewed that?

grahamb ( 2019-11-11 13:42:15 +0000 )

I was absent, and upon reviewing the notes and resources it still does not make sense. I emailed my teacher but she has not replied and I do not think I will be back in school for at least another 2 weeks. Do you perhaps know how to do it?

ismaeel_ali ( 2019-11-11 14:44:20 +0000 )

It's not for class, I know what it's for. They are looking for people who can get a lot of information and learn very quickly with that information... All of the information on what to do is on their website or on Google; you don't need to ask these questions when the information is already there....

johnrown ( 2019-11-15 22:52:10 +0000 )

1 Answer

answered 2019-11-11 15:14:46 +0000 by grahamb

Firstly we don't do SSL anymore, it's TLS as per the task you've been given.

Decrypting TLS sessions requires some keying material, so that should have been provided. Adding the keying material to the appropriate preference settings in Wireshark allows decryption of the traffic in the capture file.

See the Wireshark Wiki page on TLS for more info on setting the required preferences.

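As an added example (not code from the answer above or from the Wireshark project), the check below shows what the keying-material preference relies on: Wireshark matches each ClientHello's 32-byte Random against a CLIENT_RANDOM entry in the NSS key log file, and a session whose random is missing from the log simply stays encrypted. The ClientHello records and the key log text are constructed inline for the demonstration.

```python
"""Added example: verify an NSS key log covers the ClientHellos in a capture.
Wireshark decrypts a session only when the key log has an entry whose
client random matches the Random field of that session's ClientHello."""
import re

# Labels Wireshark accepts in a key log; the *_SECRET labels are TLS 1.3.
LABELS = {"CLIENT_RANDOM", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
          "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
          "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}
LINE_RE = re.compile(r"^(\w+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return {client_random_hex: set(labels)}; malformed lines are skipped."""
    sessions = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in LABELS:
            continue
        sessions.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return sessions


def client_random(record):
    """Extract the Random from a TLS ClientHello record, or None if not one."""
    # Record header: type(1) version(2) length(2); handshake header: type(1)
    # length(3); then client_version(2) followed by the 32-byte Random.
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43].hex()


def undecryptable(keylog_text, records):
    """Hex randoms of ClientHellos that have no entry in the key log."""
    have = parse_keylog(keylog_text)
    seen = [r for r in map(client_random, records) if r is not None]
    return [r for r in seen if r not in have]


# Constructed sample: two ClientHellos, key log covering only the first.
def _hello(random_bytes):
    body = b"\x03\x03" + random_bytes + b"\x00"   # version, Random, sid len
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

RAND_A, RAND_B = bytes(range(32)), bytes([0xAB] * 32)
SAMPLE_KEYLOG = f"# constructed\nCLIENT_RANDOM {RAND_A.hex()} {'11' * 48}\n"
SAMPLE_RECORDS = [_hello(RAND_A), _hello(RAND_B), b"\x17\x03\x03\x00\x00"]
```

Running `undecryptable(SAMPLE_KEYLOG, SAMPLE_RECORDS)` reports the second session's random, which is exactly the session Wireshark would leave encrypted with this key log.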

Comments

So I think I decrypted it; now what stands out about finding a domain that data was posted to?

ismaeel_ali ( 2019-11-11 15:24:01 +0000 )

I would use the Statistics -> Endpoints function to see what hosts have been communicating (with the IPv4 tab). Hopefully something will stand out.

As the question asks about "POST" data, maybe add a display filter of http, or http.request.method == "POST"

grahamb ( 2019-11-11 16:08:30 +0000 )

Thanks, it works! One last problem: I am trying to find the unique ID assigned to the data. How do I find that while analysing the packet? Which section?

ismaeel_ali ( 2019-11-11 19:02:07 +0000 )

Hey, did you solve 3)? I'm finding myself stuck on this as well.

a__lmonkey ( 2019-11-12 15:39:02 +0000 )


Stats

Asked: 2019-11-10 14:29:25 +0000

Seen: 2,851 times

Last updated: Nov 11 '19