HTTP Traffic Forensics: Red Flag

Difficulty

  • easy

Average duration

1 hr

Technologies

  • wireshark

  • network analysis

  • pcap

  • base64

  • cybersecurity

  • forensics

  • blue-team

In this lab, you will receive network evidence captured in a .pcap file. This file contains an HTTP transaction between a client and a local server, and it is suspected that a flag is hidden within that communication.

In this lab you will learn:

  • HTTP traffic analysis in .pcap files
  • Using Wireshark for forensic inspection

🌱 How to start this lab

👉 This challenge is solved inside a preconfigured virtual machine with Wireshark and a graphical environment. No additional software installation or traffic simulation is required: you will analyze a pre-captured .pcap file directly.

  1. If you don't have the virtual machine yet, download it from this link:
     https://storage.googleapis.com/cybersecurity-machines/redflag-lab.ova
  2. Import the virtual machine into VirtualBox.
  3. Start the VM and log in with the credentials student:4geeks-lab.

Your Mission

An internal system made an HTTP request to a local server, which responded with unexpected content. The transmission was intercepted by a network sensor and is now in your hands: a .pcap file with the complete conversation. Your job as an analyst is clear: examine the HTTP conversation for data that shouldn't be there.

It is rumored that the server delivered a suspicious string — there are no unusual headers, no obvious errors... just a simple response. But remember: simple things sometimes hide more than they show.

Tip: Sometimes messages are not in plain text, but masked with basic techniques like encoding. If you see a long, meaningless string... maybe it's not as random as it seems.

Validation

If, after decoding, the analyzed result has this format: 4GEEKS{EXAMPLE_FLAG}, then you have found what you were looking for.

Good luck, Forensic Analyst!
