This exercise is one of our challenges to help you learn how to analyze PCAP files

< 1 Hr.
PCAP badge


To get started with this challenge, you will need to install Wireshark to inspect the provided network dump. You can download the PCAP file using the provided link. The file contains a single HTTP request, and the key is available in the body of the response as part of the HTML code. However, the response is gzip-compressed to limit data transfer.

Using Wireshark, you can open the file and follow the TCP stream to reconstruct the connection. Once you have the full TCP connection, you need to save the data as RAW, edit the file to remove everything aside from the body of the response, and then decompress it using gunzip to retrieve the key. Alternatively, you can use the "Follow HTTP stream" option in Wireshark, which will automatically decode the gzip-compressed response for you.

Want to learn more? Get started with PentesterLab Pro! GO PRO