CTF流量题解http1.pcapng

  1. 使用Wireshark工具打开流量文件http1.pcapng,如下图所示。

CTF流量题解http1.pcapng_第1张图片

  1. 在过滤检索栏输入http,wireshark自动进行过滤。

CTF流量题解http1.pcapng_第2张图片

  1. 选中其中一条记录后,wireshark 下方显示若干信息。

CTF流量题解http1.pcapng_第3张图片

Frame 81: 925 bytes on wire (7400 bits), 925 bytes captured (7400 bits) on interface eth0, id 0
Ethernet II, Src: IntelCor_ac:91:ad (38:de:ad:ac:91:ad), Dst: PcsCompu_ed:cb:ff (08:00:27:ed:cb:ff)
Internet Protocol Version 4, Src: 192.168.43.173, Dst: 192.168.43.230
Transmission Control Protocol, Src Port: 80, Dst Port: 58648, Seq: 1, Ack: 415, Len: 871
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Server: nginx/1.11.5\r\n
    Date: Tue, 22 Dec 2020 01:53:46 GMT\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    Transfer-Encoding: chunked\r\n
    Connection: keep-alive\r\n
    Vary: Accept-Encoding\r\n
    X-Powered-By: PHP/7.2.1\r\n
    Content-Encoding: gzip\r\n
    \r\n
    [HTTP response 1/1]
    [Time since request: 0.039416574 seconds]
    [Request in frame: 80]
    **[Request URI: http://192.168.43.173/yctf/cmd_exec/index.php?ip=flag%7Byou_can_find_it%7D]**
    HTTP chunked response
    Content-encoded entity body (gzip): 617 bytes -> 1221 bytes
    File Data: 1221 bytes
Line-based text data: text/html (36 lines)

[Request URI: http://192.168.43.173/yctf/cmd_exec/index.php?ip=flag%7Byou_can_find_it%7D] 里面包含了flag。

你可能感兴趣的:(python)