Description

JOHN IN THE MIDDLE
100 Points
Can John hijack your surfin’? 🙂

Download

Resolution

There’s a pcap file attached with the challenge.
We open it with Wireshark, and we see multiple HTTP GET requests.
The best thing to do here is extracting all files, so let’s Wireshark handle it for us 🙂

It’s the same page as the home of PoliCTF, but… the logo isn’t the same size.

(85×85 for the online one, and 400×400 for the dumped one.)

We use Stegsolve to analyze the logo, and after playing with some color filters we are able to see a clear text:

Flag is “flag{J0hn_th3_Sn1ff3r}”.