WireShark Networking Packet Analysis - WebSocket


Post by shlomiyo on Thu Sep 21, 2017 6:19 pm

Hey Guys,

I have received a Wireshark file for analysis and I need to extract a "flag" from it, and I am kinda stuck.
I think that I have found the required packages; they contain a base64 image, so when I get the correct data I should be able to use a base64 decoder to get my image. But I truly have no idea how to find out which part belongs to the image and which part does not.

Does anyone have any idea what I can do? Maybe a short explanation about it..
If anyone would like to see the file it will be amazing, I would happily send it in private.

Thanks everyone!


Re: WireShark Networking Packet Analysis - WebSocket

Post by pretentious on Fri Sep 22, 2017 12:03 am

You should be able to follow the TCP stream and grab the full data field.
If you can find a way to send it to me that doesn’t involve me doing anything dodgy, I’d be happy to take a look.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco


Re: WireShark Networking Packet Analysis - WebSocket

Post by shlomiyo on Fri Sep 22, 2017 1:13 pm

Hey,
Thank you for your reply,
Last edited by shlomiyo on Sat Sep 30, 2017 5:46 pm, edited 1 time in total.


Re: WireShark Networking Packet Analysis - WebSocket

Post by Tweakz20 on Mon Sep 25, 2017 12:43 pm

I believe your problem is you're looking at encrypted data. Frame 261, client .128 requests /auth and requests websocket upgrade. Frame 265 the upgrade is accepted. 268 in clear text a token is created, {"action": "token", "token": "636e3569-735d-49a9-b013-48cc8ae9c657"}. After that, data is masked and scrambled.

If you're only looking for flags, you're in luck because that is not encrypted. Just type "websocket" in the expression field and expand the websocket protocol. You'll also see [FIN] and [MASKED] next to the packets, which are flags.
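The FIN and MASKED flags mentioned in the post above belong to the RFC 6455 frame header. As an added example that is not part of any post in this thread, this Python code parses those headers, removes the XOR mask, reassembles fragmented messages and returns the ones that decode as base64. It assumes the input is the raw bytes of one direction of the TCP stream after the HTTP upgrade, with no WebSocket extensions negotiated; all function names and the sample data are constructed for illustration.

```python
import base64, binascii, struct

def xor_mask(data, key):
    # RFC 6455 masking is XOR with a 4-byte key carried in the same frame
    return bytes(b ^ key[i % 4] for i, b in enumerate(data)) if key else data

def parse_frames(stream):
    """Yield (fin, opcode, payload) per frame from one direction's raw bytes."""
    pos = 0
    while pos + 2 <= len(stream):
        b0, b1 = stream[pos], stream[pos + 1]
        length = b1 & 0x7F
        pos += 2
        if length >= 126:                  # 126: 16-bit length, 127: 64-bit length
            fmt = ">H" if length == 126 else ">Q"
            (length,) = struct.unpack_from(fmt, stream, pos)
            pos += struct.calcsize(fmt)
        key = stream[pos:pos + 4] if b1 & 0x80 else b""   # MASK bit: key precedes payload
        pos += len(key)
        payload = stream[pos:pos + length]
        if len(payload) < length or (b1 & 0x80 and len(key) < 4):
            raise ValueError("truncated frame at end of capture")
        pos += length
        yield bool(b0 & 0x80), b0 & 0x0F, xor_mask(payload, key)

def base64_messages(stream):
    """Reassemble fragmented messages and return those that decode as base64."""
    found, buf = [], b""
    for fin, opcode, payload in parse_frames(stream):
        if opcode >= 0x8:                  # close/ping/pong may interleave fragments
            continue
        buf += payload                     # opcode 0 continues the previous frame
        if fin:                            # FIN set: the message is complete
            try:
                found.append(base64.b64decode(buf, validate=True))
            except binascii.Error:
                pass                       # not base64, e.g. a JSON control message
            buf = b""
    return found

def make_frame(payload, fin=True, opcode=1, key=b"\x12\x34\x56\x78"):
    """Build a masked frame; used only to construct the sample below."""
    n = len(payload)
    size = bytes([0x80 | n]) if n < 126 else b"\xfe" + struct.pack(">H", n)
    return bytes([(0x80 if fin else 0) | opcode]) + size + key + xor_mask(payload, key)

BLOB = b"\x89PNG\r\n\x1a\n" + b"constructed bytes"  # constructed sample, not the thread's capture
B64 = base64.b64encode(BLOB)
SAMPLE = (make_frame(b'{"action": "hello"}') + make_frame(B64[:20], fin=False)
          + make_frame(b"", opcode=9) + make_frame(B64[20:], opcode=0))
```

`base64_messages(SAMPLE)` returns the original blob even though its base64 text is split across two frames with a ping in between.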


Re: WireShark Networking Packet Analysis - WebSocket

Post by pretentious on Mon Oct 02, 2017 6:31 am

Tweak representin’ ;)
As per the pm, I haven’t been around my computer and probably shouldn’t be making promises on a site I don’t consistently log onto. I’ll try and take a look in a bit, but you’ve probably got your answer.


