# HTTP

## Challenge

> Nous avons intercepté un paquet réseau ! Nous nous sommes aperçus qu'il n'utilisait pas une connexion sécurisée, peux-tu trouver le mot de passe de l'utilisateur ?
>
> Le flag à entrer est le mot de passe de l'utilisateur

And an added pcapng file:

{% file src="<https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2FdD3TVOKTUmYomclMU9pd%2Fhttp.pcapng?alt=media&token=730ee6f5-a914-480a-80d4-bf8c5348a4cb>" %}

## Solution

The attachment for this task is a pcapng file, which can be opened with WireShark. There we can see multiple HTTP requests and the key is to find the ones using POST.

<figure><img src="https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2FZPpodE820CWbpMrvDsTI%2Fpost%201.png?alt=media&#x26;token=ae663560-6708-457b-aa7e-6367bb21e656" alt=""><figcaption></figcaption></figure>

When we click on it we can access the "HTML Form URL Encoded" which gives us a clear text username and password combo (and this is the flag).

<figure><img src="https://1102212211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa46Jmz9dIuFnWcXn3ooO%2Fuploads%2FvrtoPlnvaaDV4osh2sHO%2Fhtmlformurlencoded.png?alt=media&#x26;token=151225e1-49e6-4f25-993b-c0c2cdedcd78" alt=""><figcaption></figcaption></figure>