Rating: 2.0

Once you have the pcap file: john-in-the-middle.pcap.

We can use different tools.
We used foremost <pcap_file>.
It extracts the five png pictures in output folder.

There are five images in png directory.
Once we open the directory there is image which contains image with flag.

We used imagemagic tool to get the flag.
$ convert 00000403.png -edge 10 00000403_new.png

Open the image 00000403_new.png. It has flag as flag{J0hn_th3_Sn1ff3r}.








Original writeup (https://github.com/kpsubedi/ctf_writeups/).