Solution: Take a look at the first HTTP packet: the value of parameter x starts with 424d, which is the header of a BMP file. But there are a lot of HTTP packets, so my idea is to write a script to extract all the values.

Solution Script
```python
from scapy.all import rdpcap, Raw
from scapy.layers.http import HTTPRequest  # scapy's built-in HTTP layer (replaces scapy_http)

output = b""
pkts = rdpcap('C:\\Users\\Admin\\Desktop\\cap.pcap')
for p in pkts:
    # Only HTTP requests that actually carry a body
    if p.haslayer(HTTPRequest) and p.haslayer(Raw):
        rawData = p[Raw].load
        if b"&x=" in rawData:
            # Keep everything from "x=" onwards: the hex-encoded chunk
            output += rawData[rawData.find(b"x="):].replace(b"x=", b"")

# Hex-decode the concatenated chunks and write the image
with open("flag.bmp", "wb") as f:
    f.write(bytes.fromhex(output.decode("ascii")))
```
Output
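A check worth running on the reassembled file, as an added example that is not part of the original write-up: the BMP file header declares the total file size, so comparing it with the number of bytes recovered shows whether a chunk was missed or a retransmitted request was counted twice. It assumes the request bodies are form-encoded; the companion parameter `n` and the 2x2 sample image are constructed for the demonstration.

```python
import struct
from urllib.parse import parse_qs

def extract_chunk(body: bytes) -> bytes:
    """Hex-decode the value of parameter x from one form-encoded request body."""
    values = parse_qs(body.decode("ascii")).get("x", [])
    return bytes.fromhex(values[0]) if values else b""

def reassemble(bodies) -> bytes:
    """Concatenate the decoded chunks in capture order."""
    return b"".join(extract_chunk(b) for b in bodies)

def check_bmp(data: bytes) -> dict:
    """Compare the reassembled length with bfSize from the BMP file header."""
    if len(data) < 14 or data[:2] != b"BM":
        return {"magic_ok": False, "declared": None, "actual": len(data), "complete": False}
    # BITMAPFILEHEADER, little-endian: bfType, bfSize, two reserved words, bfOffBits
    _magic, declared, _r1, _r2, _off = struct.unpack_from("<2sIHHI", data)
    return {"magic_ok": True, "declared": declared, "actual": len(data),
            "complete": declared == len(data)}

def build_sample_bodies(chunk_size: int = 16):
    """Constructed input: a 2x2 24-bit BMP split into hex chunks, one per body."""
    info = struct.pack("<IiiHHIIiiII", 40, 2, 2, 1, 24, 0, 16, 2835, 2835, 0, 0)
    bmp = struct.pack("<2sIHHI", b"BM", 14 + 40 + 16, 0, 0, 54) + info + bytes(16)
    chunks = [bmp[i:i + chunk_size] for i in range(0, len(bmp), chunk_size)]
    # "n" is a made-up companion parameter; only "x" comes from the write-up
    return [b"n=%d&x=%s" % (i, c.hex().encode()) for i, c in enumerate(chunks)]

if __name__ == "__main__":
    bodies = build_sample_bodies()
    print(check_bmp(reassemble(bodies)))
    # A retransmitted request appears twice in a capture and inflates the output
    print(check_bmp(reassemble(bodies[:2] + [bodies[1]] + bodies[2:])))
```

When `complete` is false on a real capture, deduplicating requests by TCP sequence number before concatenating is the usual next step.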