The workshop consists of capturing sensitive data from a tcpdump
sample of network traffic. The sensitive data captured includes:
- Login credentials (Passwords and Usernames)
- Credit Card Numbers
- ID Photos
The objectives of the workshop are:
- Obtaining Credit Card Numbers of five users (using WebSocket analysis in Wireshark)
- Obtaining ID photos of five users (by decoding base64 images from POST request payload data)
- Obtaining Passwords and Usernames of seven users
  - using some of them to receive a flag from the website hosted at localhost:3000
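
To show what the unsecured deployment exposes on the wire, here is an added example (not part of the workshop repository) that audits cleartext payloads exported from a capture for Luhn-valid card numbers and base64-encoded images. The JSON field names and the sample payloads are constructed assumptions, not the application's actual message format.

```python
import base64
import json
import re

IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return Luhn-valid card-like numbers found in a cleartext payload."""
    candidates = (re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def decode_image(value):
    """Decode a base64 string or data: URI; return (kind, bytes), or None if not an image."""
    b64 = value.split(",", 1)[-1] if value.startswith("data:") else value
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return next(((k, raw) for m, k in IMAGE_MAGIC.items() if raw.startswith(m)), None)

def audit_payload(payload):
    """Summarise what one cleartext payload exposes: card numbers and image types."""
    try:
        body = json.loads(payload)
    except ValueError:
        body = {}
    values = body.values() if isinstance(body, dict) else []
    images = [img[0] for v in values if isinstance(v, str) and (img := decode_image(v))]
    return {"cards": find_card_numbers(payload), "images": images}

# Constructed samples (not from the workshop capture); field names are assumptions.
WS_FRAME = '{"type": "payment", "card": "4111 1111 1111 1111"}'
PHOTO_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"constructed-sample").decode()
POST_BODY = json.dumps({"user": "alice", "photo": "data:image/png;base64," + PHOTO_B64})

if __name__ == "__main__":
    for name, payload in (("websocket frame", WS_FRAME), ("POST body", POST_BODY)):
        print(name, audit_payload(payload))
```

Any hit from this audit means the data crossed the network unencrypted, which is the condition the workshop's unsecure compose file is built to demonstrate.
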
The virtual machine needs to have docker compose, wireshark and git installed on the system.
git clone https://github.com/putrequest/network-sniff-workshop && cd network-sniff-workshop
The dockerized version is available in Polish or English (make sure the user is in the docker group). To build the Polish version:
LANGUAGE=pl docker compose -f docker-compose.unsecure.yml up -d
For the English version:
LANGUAGE=en docker compose -f docker-compose.unsecure.yml up -d
Then seed the database using:
docker compose -f docker-compose.unsecure.yml exec db sh /data/seed.sh
docker compose -f docker-compose.unsecure.yml exec backend sh /data/seed.sh
Then wait a moment (you can use docker compose -f docker-compose.unsecure.yml logs -f) to make sure that the service is up and running. The website should be available locally at localhost:3000.
The docs for the workshop, in Polish and English, can be found in the docs folder. This includes the speaker presentation as well as the workshop presentation and the workshop instructions for the user.