PCAP 22

This challenge involves downloading and examining a PCAP file with Wireshark. The PCAP file contains a single HTTP request and a chunk-encoded response. Chunk encoding allows the server to send data in smaller pieces, making it possible to start processing the response sooner. You'll need to reconstruct the TCP stream in Wireshark to extract the key embedded in the HTML body of the response.

Chunk encoding is designed to facilitate quicker data transmission by breaking down the response into smaller chunks, each prefixed with its size in hexadecimal. In this exercise, you'll observe the absence of the Content-Length header and the presence of hexadecimal numbers indicating chunk sizes. By following the TCP stream in Wireshark, you can see the entire conversation and pinpoint the key within the response body, despite the chunked encoding.