Browse Month

June 2016

Wireshark GUI

More Compiled List of Sample PCAP Files for Practice

Wireshark GUI
Image Courtesy: Wikipedia/Wireshark

A quick follow up from one of my earlier post regarding a compiled list of sample PCAP files, here are more files for your practices on Wireshark features and techniques, of which some of them even have blog posts on the decrypting of the files. I hope they are helpful to you too.

Hacksplaining: Learn to Hack

Hacksplaining: Learn to Hack

Hacksplaining is one of the best website that I have seen so far in terms of the way it teaches people about web vulnerabilities. It uses a very simple and fun way of teaching people about the concepts and theory of web vulnerabilities. To make the deal even better, it is free. I don’t know who are the folks behind this website, but I really like how they make education seems so fun. Kudos to them for the amount of time they have invested in coming out with all those examples and exercises, and etc.

Also, I really like their tagline,

“learn to hack, learn to protect yourself”

Hacksplaining: Learn to Hack
Hacksplaining: Learn to Hack

 

I fully agree with it, just like when you play sports, you need to know the rules and the various techniques and tactics that can be deployed during an attack, before you are able to effectively defend against them. Same concept applies here, if you don’t understand cross site scripting or SQL injection, how are you supposed to ensure that your web application is protected against them?

The following are the list of techniques that you can learn through Hacksplaining‘s interactive way of teaching you web vulnerabilities,

  1. SQL Injection
  2. Clickjacking
  3. Session Fixation
  4. Cross-Site Scripting
  5. Weak Session IDs
  6. Reflected XSS
  7. Dom-Based XSS
  8. Cross-Site Request Forgery
  9. File Upload Vulnerability
  10. XML Bombs
  11. Open Directs
  12. User Enumeration
  13. Broken Access Control
  14. Unencrypted Communication
  15. XML External Entities
  16. Information Leakage
  17. Password Mismanagement
  18. Privilege Escalation
  19.  Command Execution
  20. Directory Traversal
Hacksplaining: Learn to Hack
Hacksplaining: Learn to Hack

Check it out: Hacksplaining: Learn to Hack

Wireshark GUI

Compiled List of Sample PCAP Files for Practice

I was once tasked to perform some investigation on a packet capture (pcap) file to retrieve some information. Before I was given the task, I don’t even know anything about pcap file. Some simple research will tell you that it is a file that captures network traffic.

Interesting uh?

Wireshark GUI
Image Courtesy: Wikipedia/Wireshark

One of the best tool used in the industry for performing packet capturing would be no doubt, Wireshark. The tool itself has many features, which I am not going to do a step-by-step guide today. What I am going to share is actually a compiled list of sample pcap files.

You are right, a compiled list of sample pcap files consolidated by people in the community and listed together in the Wireshark Wiki. It is very useful to people learning Wireshark and want to perform some analysis or test out some features on good pcap files which has more variants of realistic network traffic, furthermore, the choices are vast and interesting (since you did not create it yourself, there are some element of surprise).

Check out the list: https://wiki.wireshark.org/SampleCaptures