- Opened the provided
.pcapfile in Wireshark. - Went to
File > Export Objects > HTTPand selected Save All to extract HTTP-transferred files. - Found a file named
loginamong the exported objects. It contained the following text, giving us the password which the user entered.
username=ironpotatoadmin&password=C1%7Bmaybe_TLS_would_be_nice%7D
We can URL decode it to get the flag:
C1{maybe_TLS_would_be_nice}