Comment on page



We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet1_0_d63b267c607b8fedbae100068e010422.


  1. 1.
    Open in Wireshark
  2. 2.
    Go to Edit > Preferences > Protocols > TLS > RSA keys list
  3. 3.
    Add the key to the list (don't worry about ip and other columns)
  4. 4.
    Flag is in JPEG JFIF packet Reassembled SSL section
TTP/1.1 200 OK
Date: Fri, 23 Aug 2019 16:27:04 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 23 Aug 2019 16:26:33 GMT
ETag: "112fb-590cb44f2cbe6"
Accept-Ranges: bytes
Content-Length: 70395
Pico-Flag: picoCTF{}
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
ÿØÿàJFIFÿáExifMM*JR(;ZpicoCTF{honey.roasted.peanuts}ÿâICC_PROFILE lcmsmntrRGB XYZ Ü)9acspAPPLöÖÓ-lcms