Prompt
The S in HTTPS stands for Secure: HTTPS uses the TLS/SSL protocol to achieve its security. Let's decrypt this traffic to find the hidden flag.
Walk-Through
This challenge involves using a provided SSL key log file to decrypt HTTPS traffic. You can also follow one of these guides, which provide instructions on how to perform this task:
https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/
https://my.f5.com/manage/s/article/K19310681
To decrypt the HTTPS traffic, open the packet capture in Wireshark and then load the SSL key log with the following steps:
- Open preferences (Edit → Preferences)
- Expand Protocols and select TLS (or SSL in older versions of Wireshark)
- Select the SSL key log file for the (Pre)-Master-Secret log filename
After following these steps, Wireshark will be able to decrypt the HTTPS traffic. You can then view the plaintext data by right-clicking an HTTP/HTTPS packet and selecting Follow → TLS Stream.
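The key log works because each line is keyed by the 32-byte client random from the ClientHello, which Wireshark matches against the handshake in the capture before it can derive the session keys. The following Python example is added here to illustrate that matching and the Server Hello field the first question asks about; it is not part of the Cyber Skyline walkthrough. It builds a minimal, extension-free ClientHello and ServerHello and a one-line SSLKEYLOGFILE from constructed sample values (no real capture or secret), then parses the records to recover the chosen cipher suite and look up the logged secret. The cipher-suite table is a small subset of the IANA registry.

```python
"""Parse TLS Hello records and index an SSLKEYLOGFILE by client random (added example)."""
import struct

# Subset of IANA cipher-suite identifiers, enough to name the common choices.
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}

HANDSHAKE = 0x16            # TLS record content type for handshake messages
CLIENT_HELLO, SERVER_HELLO = 1, 2


def parse_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello or ServerHello.

    Returns the handshake type, version, 32-byte random (hex), session id (hex)
    and the offered (client) or chosen (server) cipher suites by name.
    """
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError(f"unexpected handshake type {hs_type}")
    version = struct.unpack("!H", hs[:2])[0]
    random = hs[2:34]                       # gmt_unix_time + random bytes
    sid_len = hs[34]
    pos = 35 + sid_len
    session_id = hs[35:pos]
    if hs_type == SERVER_HELLO:
        suites = [struct.unpack("!H", hs[pos:pos + 2])[0]]   # the single chosen suite
    else:
        n = struct.unpack("!H", hs[pos:pos + 2])[0]            # length of the offered list
        pos += 2
        suites = [struct.unpack("!H", hs[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]
    return {
        "type": "ServerHello" if hs_type == SERVER_HELLO else "ClientHello",
        "version": version,
        "random": random.hex(),
        "session_id": session_id.hex(),
        "cipher_suites": [CIPHER_SUITES.get(s, f"0x{s:04X}") for s in suites],
    }


def parse_keylog(text: str) -> dict:
    """Index an SSLKEYLOGFILE as {client_random_hex: {label: secret_hex}}.

    Handles the TLS 1.2 CLIENT_RANDOM line and the TLS 1.3 *_TRAFFIC_SECRET
    lines, which all share the '<label> <client random> <secret>' layout.
    """
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            continue                         # skip malformed lines instead of failing
        label, client_random, secret = parts
        index.setdefault(client_random.lower(), {})[label] = secret.lower()
    return index


def build_hello(hs_type: int, random: bytes, suites: list, version: int = 0x0303) -> bytes:
    """Build a minimal (extension-free) ClientHello/ServerHello record for the demo."""
    body = struct.pack("!H", version) + random + b"\x00"      # empty session id
    if hs_type == SERVER_HELLO:
        body += struct.pack("!H", suites[0]) + b"\x00"         # chosen suite + null compression
    else:
        cs = b"".join(struct.pack("!H", s) for s in suites)
        body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # suite list + compression list
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs


# Constructed sample values; they do not come from any real capture or key log.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
SAMPLE_KEYLOG = ("# SSL/TLS secrets log file, generated by a TLS client\n"
                 f"CLIENT_RANDOM {CLIENT_RANDOM.hex()} {'ab' * 48}\n")
CLIENT_HELLO_RECORD = build_hello(CLIENT_HELLO, CLIENT_RANDOM, [0xC02F, 0xC030, 0x1301])
SERVER_HELLO_RECORD = build_hello(SERVER_HELLO, SERVER_RANDOM, [0xC02F])


def chosen_cipher_suite(server_hello: bytes) -> str:
    """The suite the server selected, as Wireshark shows under Server Hello → Cipher Suite."""
    return parse_hello(server_hello)["cipher_suites"][0]


def lookup_secret(hello: bytes, keylog_text: str):
    """Secrets logged for the session whose *client* random this Hello carries, else None."""
    return parse_keylog(keylog_text).get(parse_hello(hello)["random"])


if __name__ == "__main__":
    print("chosen :", chosen_cipher_suite(SERVER_HELLO_RECORD))
    print("offered:", parse_hello(CLIENT_HELLO_RECORD)["cipher_suites"])
    print("secrets:", lookup_secret(CLIENT_HELLO_RECORD, SAMPLE_KEYLOG))
    print("by server random:", lookup_secret(SERVER_HELLO_RECORD, SAMPLE_KEYLOG))
```

The last print shows the usual pitfall: looking up the key log by the server random finds nothing, because Wireshark (and the key log format) pairs secrets with the ClientHello random. If a capture decrypts nothing after loading the key log, check that it actually contains the ClientHello of each session and that the log was written by the client that made those connections.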
Questions
What Cipher Suite was chosen by the secure socket server?
Select packet #6 (the TLS Server Hello) and look for the “Cipher Suite”. This can be found in the packet dissection under Transport Layer Security → TLSv1.2 Record Layer: Handshake Protocol: Server Hello → Handshake Protocol: Server Hello → Cipher Suite.
What is the domain covered by the SSL key?
Select packet #6 (the TLS Server Hello) and look for the “common name” of the SSL certificate. This can be found in the packet dissection under Transport Layer Security → TLSv1.2 Record Layer: Handshake Protocol: Certificate → Handshake Protocol: Certificate → Certificates → Certificate.
What is the flag transferred over HTTPS?
Follow the TLS stream for packet #10 (the request for /flag.txt).
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.