
Filtering Advanced: HTTPS

tshark-basics | Level: Intermediate  | Total Lab Runs: 0 | Premium Lab

HTTPS (HTTP over SSL/TLS) encrypts HTTP traffic so it can be sent securely over the network. So, unlike with plain HTTP, an attacker monitoring the traffic cannot read the data being sent. However, there are interesting aspects of the traffic and the network communication that can still be inferred even though the payload is encrypted.

Start the lab, locate the PCAP file with the HTTPS packets and answer the questions below:

Questions:

Set A:

  1. Which command can be used to only show SSL traffic?
  2. Which command can be used to only print the source IP and destination IP for all SSL handshake packets?
  3. Which command can be used to list issuer name for all SSL certificates exchanged?
  4. Which command can be used to print the IP addresses of all servers accessed over SSL?

Set B:

  1. What are the IP addresses associated with Ask Ubuntu servers (askubuntu.com)?
  2. What is the IP address of the user who interacted with Ask Ubuntu servers (askubuntu.com)?
  3. What DNS servers were used by the clients for domain name resolutions?
  4. Some machines have a popular antivirus software running on them. What is the name of the antivirus solution? What are the IP addresses of the machines running this solution?


HTTPS is a little hard. We understand that. Here are your hints:

Set A:

  1. Tshark supports protocol-based filters to show only the traffic of interest.
  2. SSL handshake packets are the packets SSL/TLS uses to establish a connection. They contain specific protocol fields used to exchange the information needed to authenticate the peer and derive the key for the symmetric encryption channel.
  3. SSL certificates are sent by the server to the client so the client can verify the server's authenticity. These certificates are issued by a trusted Certificate Authority (CA), whose name is included in the certificate alongside its digital signature.
  4. We can filter traffic by protocol and then print only selected protocol fields. There you go!

Set B:

  1. Before connecting to a server by IP address, our machine first figures out the IP address for the given domain name using a domain name service.
  2. Each IP packet has an IP header that tells the machine the origin and final destination of the packet.
  3. Domain Name Service (DNS) servers listen on a standard port, which Wireshark uses to filter DNS traffic. The IP header on such packets can tell you the destination. But remember, there are both DNS requests and DNS responses. :)
  4. Check the top 10 antivirus (AV) solutions. See if you can find any one of them updating itself in the traffic.

The following activities are strictly prohibited on this website unless otherwise explicitly stated as allowed in the mission statement:

  • Using automated scanners
  • Using brute force attacks
  • Denial of Service attacks
  • Attacking other student machines in challenges where you might achieve a shell on the vulnerable system
  • Attacking the lab infrastructure

Users violating the above will be either temporarily or permanently banned from the website.

If you are unsure about an activity, then please contact support to confirm that it is allowed on our website.

Technical Support for this Lab:

There is a reason we provide unlimited lab time: you can take as much time as you need to solve a lab. However, we realize that sometimes hints might be necessary to keep you motivated!

We currently provide technical support limited to:

  • Giving hints for a lab exercise
  • In rare circumstances, if you have totally given up (NO!!!) then tell you how to solve it. This will be limited to sharing the solution video or lab report
  • A lab exercise fails to load or has errors in it

If you need technical support, please email attackdefense@pentesteracademy.com and clearly mention the name and link of the lab exercise along with other essential details. The more descriptive you are, the faster we can help you. We will get back to you within 24 hours or less.

For administrative queries, billing, enterprise accounts etc., please email feedback@binarysecuritysolutions.com