[Forensics] Marshal in the Middle

Can anyone PM me about this challenge? I don't want to spoil!! and want to ask some things!

I'm stuck on it, got the DNS tunnel thing. But how to extract, and with what tools? Not sure what the next step is here.

Anyone?

Hi all, I’ve got something but I don’t want to spoil, anyone can PM me? Thx!

Just spent a lot of time on this one just to figure out that neither Wireshark 2.4.6 nor 3.0.0 on OS X would decrypt correctly. 2.6.7 worked fine with the exact same settings as the other 2 versions, so I don't think it was misconfiguration. 2.6.6 in Kali worked fine too; didn't try any other versions. Once decryption worked, the flag was obvious in the expected format.

Ya, I had figured it was an issue. I almost wondered why it was not working, and I kind of figured the bundle needed to be modified to get the decryption working. Once I noticed I wasn't getting decryption I just put it aside. I am glad you cleared up which version worked; I will do a reinstall of that version later.

Finally found it! FYI it works with Wireshark 3.0.0 on Win10

I suggest this video to understand how to decrypt SSL

Finally I got it :smiley: and this worked with the latest version of Wireshark on Win10 and also in Kali Linux. Check the advanced preferences in Wireshark very carefully; if you need any help, PM... Cheers.

Got it. If you need help PM.
Cheers from Portugal :+1:

I found something similar to the flag and I cannot respond. Help.

Bad API request, invalid api_option
Why is this so!! I am getting a problem!! Anyone here to give me a small nudge!!

Video from Heichou helped a lot, thanks!
I tried a different approach from the Wireshark Wiki, which did not work for me.

As soon as you got that part, follow the stream!

Great challenge - learnt a lot!!!

@zeroes said:

Hope this is ok, just a great read on the Wireshark tool here, oh the witty ways to use it: https://sharkfesteurope.wireshark.org/assets/presentations17eu/15.pdf

Excellent document, I learned some cool things!! Feel free to PM me for help.

Got the flag, but I did it intuitively and randomly. Could anyone PM me pls and explain the meaning of the BRO logs and the private key?
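The "BRO logs" asked about above are Zeek (formerly Bro) logs; its dns.log is a tab-separated file with a `#fields` header naming the columns. The script below is an added example, not from this thread or the challenge: it parses a constructed dns.log (a subset of Zeek's real columns) and scores each registered domain for the traits a DNS tunnel leaves behind, namely many unique, long, high-entropy leftmost labels and a preference for TXT/NULL records. The sample rows, the "last two labels" approximation of a registered domain (no public-suffix list) and the thresholds are all assumptions chosen for illustration.

```python
"""Score a Zeek/Bro dns.log for DNS-tunnel-like query patterns.

Constructed sample data; not from the challenge. The registered-domain
heuristic (last two labels) and the thresholds are illustrative assumptions.
"""
import math
from collections import Counter, defaultdict

# Four distinct 32-char labels built from the base32 alphabet, as a tunnel
# client encoding chunked data would produce (constructed, not real traffic).
_B32 = "abcdefghijklmnopqrstuvwxyz234567"
_CHUNKS = [_B32, _B32[26:] + _B32[:26], _B32[8:] + _B32[:8], _B32[16:] + _B32[:16]]

SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\trcode_name",
    "1551000001.1\tCx1\t10.0.0.5\t51000\t10.0.0.2\t53\tudp\twww.example.com\tA\tNOERROR",
    "1551000002.2\tCx2\t10.0.0.5\t51001\t10.0.0.2\t53\tudp\tmail.example.com\tA\tNOERROR",
    "1551000003.3\tCx3\t10.0.0.5\t51002\t10.0.0.2\t53\tudp\tcdn.example.com\tAAAA\tNOERROR",
    "1551000004.4\tCx4\t10.0.0.5\t51003\t10.0.0.2\t53\tudp\tstatic-assets.example.org\tA\tNOERROR",
] + [
    f"155100000{5 + i}.0\tCt{i}\t10.0.0.5\t5101{i}\t10.0.0.2\t53\tudp\t{chunk}.tun.example.net\tTXT\tNOERROR"
    for i, chunk in enumerate(_CHUNKS)
])


def parse_dns_log(text):
    """Return one dict per record, keyed by the names in the #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other Zeek metadata lines (#separator, #types, #close) and blanks
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def score_domains(rows):
    """Aggregate leftmost-label statistics per registered domain (last two labels)."""
    acc = defaultdict(lambda: {"queries": 0, "labels": set(), "len_sum": 0, "ent_sum": 0.0, "txt_null": 0})
    for r in rows:
        parts = r["query"].lower().rstrip(".").split(".")
        if len(parts) < 3:
            continue  # bare registered domain: no leftmost label to measure
        a = acc[".".join(parts[-2:])]
        first = parts[0]
        a["queries"] += 1
        a["labels"].add(first)
        a["len_sum"] += len(first)
        a["ent_sum"] += shannon_entropy(first)
        if r.get("qtype_name") in ("TXT", "NULL"):  # record types commonly used to carry payloads
            a["txt_null"] += 1
    return {
        dom: {
            "queries": a["queries"],
            "unique_labels": len(a["labels"]),
            "avg_label_len": a["len_sum"] / a["queries"],
            "avg_entropy": a["ent_sum"] / a["queries"],
            "txt_null_ratio": a["txt_null"] / a["queries"],
        }
        for dom, a in acc.items()
    }


def likely_tunnels(stats, min_queries=3, min_len=20, min_entropy=3.0, min_unique_ratio=0.8):
    """Domains whose leftmost labels look like encoded data rather than hostnames."""
    return sorted(
        dom for dom, s in stats.items()
        if s["queries"] >= min_queries
        and s["avg_label_len"] >= min_len
        and s["avg_entropy"] >= min_entropy
        and s["unique_labels"] / s["queries"] >= min_unique_ratio
    )


if __name__ == "__main__":
    stats = score_domains(parse_dns_log(SAMPLE_DNS_LOG))
    for dom, s in sorted(stats.items()):
        print(f"{dom:20s} q={s['queries']} len={s['avg_label_len']:.1f} H={s['avg_entropy']:.2f} txt={s['txt_null_ratio']:.2f}")
    print("likely tunnels:", likely_tunnels(stats))
```

The thresholds are deliberately coarse; on a real dns.log you would tune them against a baseline and cross-check the flagged domain against conn.log volume before calling it exfiltration.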

Once you know that and how you have to configure Wireshark correctly, it becomes rather easy. I enjoyed this challenge since it taught me some new things about Wireshark

-r.

Hi. I've seen the entire sequence and which data has been exfiltrated. What is supposed to be written inside HTB{}? I've tried with the file names, their full paths, sensitive content of one of them … Thanks


I got it. Good challenge, it taught me a lot about Wireshark.
Tip:
  1 - document yourself seriously on “CL ***** RANDOM” and the Wireshark versions
  2 - follow the flow
  3 - trust your instincts
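The "CL ***** RANDOM" hint above and the earlier posts about Wireshark versions refer to the NSS key log format (lines such as `CLIENT_RANDOM <client random> <master secret>`) that Wireshark reads from the key log file preference to decrypt TLS without the server's private key. A malformed line is silently ignored, which looks exactly like a version problem. The checker below is an added example, not code from this thread or from Wireshark: it validates a constructed key log against the field lengths of the format and looks up the secret for a given ClientHello random. The sample lines and the `Entry` type are assumptions; the label set and lengths follow the published NSS key log format.

```python
"""Validate an NSS key log file (the format Wireshark's key log preference reads).

Constructed sample data; none of the hex values are real session secrets.
"""
import re
from dataclasses import dataclass

_HEX = re.compile(r"^[0-9a-fA-F]+$")

# label -> (length in bytes of the first field, allowed secret lengths in bytes)
LABELS = {
    "RSA": (8, {48}),                   # legacy: first 8 bytes of encrypted pre-master, 48-byte pre-master
    "CLIENT_RANDOM": (32, {48}),        # TLS <= 1.2: 32-byte client random, 48-byte master secret
    # TLS 1.3: 32-byte client random, secret as long as the cipher's hash (SHA-256 or SHA-384)
    "CLIENT_EARLY_TRAFFIC_SECRET": (32, {32, 48}),
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": (32, {32, 48}),
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": (32, {32, 48}),
    "CLIENT_TRAFFIC_SECRET_0": (32, {32, 48}),
    "SERVER_TRAFFIC_SECRET_0": (32, {32, 48}),
    "EARLY_EXPORTER_SECRET": (32, {32, 48}),
    "EXPORTER_SECRET": (32, {32, 48}),
}

# Constructed key log: two valid lines, one secret a byte short, one unknown label.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real session keys",
    "CLIENT_RANDOM " + "a1" * 32 + " " + "b2" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "c3" * 32 + " " + "d4" * 32,
    "CLIENT_RANDOM " + "e5" * 32 + " " + "f6" * 47,
    "SESSION_KEY " + "00" * 32 + " " + "11" * 48,
])


@dataclass(frozen=True)
class Entry:
    label: str
    client_random: str  # lower-case hex
    secret: str         # lower-case hex


def _hex_bytes(s):
    """Byte length of a hex string, or None if it is not even-length hex."""
    return len(s) // 2 if _HEX.match(s) and len(s) % 2 == 0 else None


def parse_keylog(text):
    """Return (entries, errors); errors are (line_number, reason) for lines Wireshark would skip."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            errors.append((lineno, "expected 3 whitespace-separated fields"))
            continue
        label, first, secret = parts
        spec = LABELS.get(label)
        if spec is None:
            errors.append((lineno, f"unknown label {label!r}"))
            continue
        first_len, secret_lens = spec
        if _hex_bytes(first) != first_len:
            errors.append((lineno, f"{label}: first field must be {first_len} bytes of hex"))
            continue
        if _hex_bytes(secret) not in secret_lens:
            errors.append((lineno, f"{label}: secret must be one of {sorted(secret_lens)} bytes"))
            continue
        entries.append(Entry(label, first.lower(), secret.lower()))
    return entries, errors


def find_secret(entries, client_random_hex, label="CLIENT_RANDOM"):
    """Secret for the ClientHello random seen in the capture, or None if the log lacks it."""
    wanted = client_random_hex.lower()
    for e in entries:
        if e.label == label and e.client_random == wanted:
            return e.secret
    return None


if __name__ == "__main__":
    entries, errors = parse_keylog(SAMPLE_KEYLOG)
    print(f"{len(entries)} usable entries, {len(errors)} lines Wireshark would ignore")
    for lineno, reason in errors:
        print(f"  line {lineno}: {reason}")
```

Running the checker before pointing Wireshark at a key log separates "the file is wrong" from "this Wireshark build is wrong": if every line validates and a ClientHello random from the capture resolves via `find_secret`, the remaining suspect is the preference path or the version.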