I was tasked with analyzing a short and suspicious packet stream on an HTTP connection as part of a box I’m doing.
Following the TCP stream of the packets, there’s nothing readable. The first HTTP packet (there are 2 overall) has a text/html content type, so I exported it in Wireshark to a .html file, and it indeed revealed a file upload page.
The second packet is a POST request with multipart/form-data. Now excuse me for the dummy question (I am more on the offensive side of infosec): how do I identify the contents of this packet, whether it could be an executable, a binary, or any other type of file? Or am I not approaching this packet correctly?
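
One way to answer this kind of question, as an added example that is not part of the original post: split the multipart/form-data body on its boundary and compare each part's declared Content-Type with what its leading bytes (magic numbers) indicate. It assumes the POST body and the request's Content-Type header were saved from the capture; the function names, signature table and sample bytes are constructed for illustration.

```python
import re

# Short, non-exhaustive table of well-known file signatures (magic bytes).
MAGIC = [
    (b"MZ", "Windows PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (zip/docx/jar/apk)"),
    (b"\x1f\x8b", "gzip data"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
]

def sniff(data):
    """Guess the type from the leading bytes, ignoring what the client declared."""
    for sig, label in MAGIC:
        if data.startswith(sig):
            return label
    head = data[:512]
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "printable text"
    return "unknown binary"

def analyze(content_type, body):
    """Split a multipart/form-data body on its boundary and describe each part."""
    m = re.search(r'boundary="?([^";]+)', content_type)
    if not m:
        raise ValueError("Content-Type has no boundary parameter")
    delim = b"\r\n--" + m.group(1).encode("latin-1")
    parts = []
    for chunk in (b"\r\n" + body).split(delim)[1:]:
        if chunk.startswith(b"--"):      # closing delimiter: --boundary--
            break
        head, sep, data = chunk.partition(b"\r\n\r\n")
        if not sep:                      # truncated part: headers never ended
            continue
        hdr = head.decode("latin-1")
        field = re.search(r'\bname="([^"]*)"', hdr)
        fname = re.search(r'\bfilename="([^"]*)"', hdr)
        ctype = re.search(r"(?im)^content-type:\s*(\S+)", hdr)
        parts.append({"field": field and field.group(1), "filename": fname and fname.group(1),
                      "declared": ctype and ctype.group(1), "detected": sniff(data), "size": len(data)})
    return parts

# Constructed sample: a text field plus a part declared image/png whose bytes start with "MZ".
SAMPLE_CTYPE = "multipart/form-data; boundary=----demoBoundary123"
SAMPLE_BODY = (
    b'------demoBoundary123\r\nContent-Disposition: form-data; name="comment"\r\n\r\nhello\r\n'
    b'------demoBoundary123\r\nContent-Disposition: form-data; name="file"; filename="photo.png"\r\n'
    b'Content-Type: image/png\r\n\r\nMZ\x90\x00\x03\x00\x00\x00\r\n------demoBoundary123--\r\n'
)
```

The filename and per-part Content-Type are supplied by the client, so the `detected` value is the one to rely on when the two disagree.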