[Forensics] Marshal in the Middle

I found the Api_post_code in Wireshark, but how do I find the flag?

Found plaintext data of user’s actions but cannot seem to find the flag …

I got the API request to the pastebin with confidential information, but putting those in as the flag is not working anymore. Can someone please help here?

Finally!!! Got it. It was an awesome challenge, guys.

I loved this challenge!

Took me too long but I finally got it. The tools I need are right in front of me… =)

I have the evidence of the exfil and the person deleting their tracks… can’t find the flag though! Can someone give me a clue from here?

bump

I am unable to understand some of the data… like there seem to be some strings which don’t make sense… can I PM somebody??? This is my first challenge.

Can someone PM me? I believe I have the solution in a specific file, but like some others have mentioned, it could be a Wireshark issue. I will provide what I see on the screen, and I guess you can give me a thumbs up/down to confirm?

I am having trouble with decoding. I read on here it’s obvious when you see it, so I’m thinking my data is not showing everything. I have found the exfiltrated data but cannot find the flag. PM with ideas!

Hm, found the packet trail where they cleaned up their tracks. Used the cert file to decrypt the other stream, so I’m able to see what they transmitted in clear text. But not sure where the flag is supposed to be.

Ahh, I just had to keep swimming downstream. That was an enduring challenge :3

Guys… I need help identifying the flag… What is it like?? Is it in a document?? Is it in a cryptographic form?? All I can see is encrypted data from the SSL tree and I am stuck… I cannot even decode it…

Use Wireshark, follow the stream.

My biggest challenge seems to be getting Wireshark to accept the files and actually decrypt SSL traffic. I’ve modified one file to make it valid for the task and used the log, but either way, Wireshark only shows me encrypted data.

I’m new to Forensics, but want to hit on it. Can somebody tell me the procedure to get the flag?
Just hints.

Is there anybody who can help me on this?
I found the file, but I’m not sure that it is the correct one. PM me, I really need help on this!!

Look at the logs. Find something of interest. View the relevant packets in Wireshark.

Finally found some interesting data, which was shredded by the user. Please, somebody let me know what the flag will look like.