PCAP 18

This exercise is one of our challenges to help you learn how to analyze PCAP files

PRO
Tier
Easy
< 1 Hr.
5935
PCAP badge

In this exercise, you will begin by installing Wireshark, a powerful tool for network analysis. You'll download a provided PCAP file that contains a single HTTP request. The main objective is to extract the credentials found in the Authorization header of this request. The username and password are concatenated with a colon and then base64 encoded in the header.

By following the TCP stream in Wireshark, you'll be able to reconstruct the full TCP connection, making it easier to inspect the data without dealing with lower layers like IP and ARP. The base64 string in the Authorization header can be decoded to reveal the username and password, which serves as the key for this challenge.

Want to learn more? Get started with PentesterLab Pro! GOPRO