Contact Us

Writeup by: OreoByte

Writeup URL: GitHub

Veronica sent a message to her client via their website's Contact Us page. Can you find the message?

Author: moat, Pacific Northwest National Laboratory

Using Wireshark Decrypt The SSL Traffic

Using the given files sslkeyfile.txt and ContactUs.pcap we can start to decrypt the pcap.

Navigate through Edit -> Preferences -> Protocols -> TLS -> (Pre)-Master-Secret log filename, click browse and select the sslkeyfile.txt file.

Decrypt TLS in Wireshark \

Find the decrypted flag in the packet capture.

Using Tshark

You can do the same thing but with tshark:

Decrypt Pcap into a new file
- tshark -r ContactUs.pcap -V -x -o tls.keylog_file:key.log > results
grep to win for the flag
- grep 'flag{' results

Tshark \

Victory

Submit the flag and claim the points:

flag{m@r$hm3ll0w$}

csaw21

Writeups for CSAW 2021 CTF

Contact Us

Using Wireshark Decrypt The SSL Traffic

Using Tshark

Victory