A friend of mine, Kev ‘TheHermit’ Breen created a Pastebin scraper (PasteHunter) that uses Yara rules to check pastes for interesting stuff then indexes them. People don’t publish private keys online! In this instance we can see that the network traffic is using a certificate that has had the private key published online. Hold your horses, there is a lot of useful information in an encrypted PCAP that may help you to find a weakness, or even all the information you need. It was originally a DEFCON CTF, then was later picked up by, if you want to play along at home click here) Encrypted Traffic in a PCAP? I’m outta here!! (To help me structure this post I am going to use a CTF challenge as a walkthrough. If you have a HTTPS session captured and are looking at unlocking the secrets that lie within, you are probably looking at Wireshark with eternal optimism hoping that somehow the magical blue fin will answer all of problems….
0 kommentar(er)
