今年CISCN的Tough DNS 的前戏就是DNS协议分析
直接可以查找到flag的base64形式Zmxh
发现就是请求的dnslog 携带的数据
过滤器就是 dns
tshark -r dns.pcapng -T json -Y "dns" >1.json
字段选择 dns.qry.name
tshark -r dns.pcapng -T json -Y "dns" -e dns.qry.name >2.json
像往常一样提数据即可
import json
with open ("2.json","rb") as f:
data=json.load(f)
a=[]
for i in data:
try:
a.append(i['_source']['layers']['dns.qry.name'][0])
except:
continue
import re
re1=re.compile(r"(.*?)\.i6ov08\.dnslog\.cn")
output=[]
for i in a:
try:
dns=re1.search(i)[1]
if dns not in output:
output.append(dns)
except:
continue
for i in output:
print(i)
做了简单的去重ZmxhZ3tlNjYyYWMxNTRjYTM3NmUxYzAwMWVlOGJiZTgxMzE4Yn0K
flag{e662ac154ca376e1c001ee8bbe81318b}