Day 10: Wireshark Basics – Identifying Suspicious HTTP Headers and User-Agent
Objective: Analyze HTTP headers, particularly the User-Agent and other header fields, to spot anomalies or indicators of compromise. The goal is to learn how to filter HTTP traffic and inspect header contents in Wireshark.
Challenge Description: In this scenario, attackers may be using a non-standard or malicious User-Agent string in their HTTP requests, or embedding data in other HTTP headers. Your task is to filter HTTP traffic in the PCAP and look for unusual header values (for instance, a User-Agent that looks like a bot or carries odd content). An embedded TSEC flag is hidden in a header value, possibly in a non-standard header.
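The triage the challenge asks for in Wireshark (filter on `http.request`, then inspect `http.user_agent` and the remaining header lines) can be rehearsed offline on pasted request text. The script below is an added example, not part of the challenge material: the sample requests, the list of "common" header names, the browser and bot User-Agent patterns and the `TSEC{...}` flag format are all constructed assumptions.

```python
import re

# Constructed sample requests, written the way Wireshark's "Follow HTTP stream"
# pane shows them. Not taken from the challenge PCAP.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n"
    "Accept: */*\r\n\r\n",
    "GET /login HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: python-requests/2.31.0\r\nAccept: */*\r\n\r\n",
    "POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agent: Mozilla/5.0 (compatible; botnet-scan)\r\n"
    "X-Session-Data: TSEC{constructed_sample_flag}\r\nContent-Length: 0\r\n\r\n",
]

BROWSER_UA = re.compile(r"^Mozilla/5\.0 \(")          # assumed "looks like a browser" shape
BOT_WORDS = re.compile(r"bot|scan|crawl", re.I)         # assumed bot-like tokens
FLAG_RE = re.compile(r"TSEC\{[^}]*\}")                  # assumed flag format
COMMON_HEADERS = {  # assumed allow-list; anything else is worth a second look
    "host", "user-agent", "accept", "accept-language", "accept-encoding",
    "connection", "content-length", "content-type", "cookie", "referer",
    "cache-control", "upgrade-insecure-requests",
}

def parse_request(raw):
    """Split one raw HTTP request into its request line and a lowercase-name header dict."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def find_anomalies(raw):
    """Return (request_line, findings) where findings lists the suspicious things seen."""
    request_line, headers = parse_request(raw)
    findings = []
    ua = headers.get("user-agent", "")
    if not ua:
        findings.append("missing User-Agent")
    elif not BROWSER_UA.match(ua):
        findings.append(f"non-browser User-Agent: {ua}")
    elif BOT_WORDS.search(ua):
        findings.append(f"bot-like User-Agent: {ua}")
    for name, value in headers.items():
        if name not in COMMON_HEADERS:
            findings.append(f"unusual header {name}: {value}")
        if FLAG_RE.search(value):
            findings.append(f"flag-like value in {name}: {FLAG_RE.search(value).group(0)}")
    return request_line, findings

def triage(requests):
    """Keep only requests that produced at least one finding."""
    return [(rl, f) for rl, f in map(find_anomalies, requests) if f]
```

Running `triage(SAMPLE_REQUESTS)` reports the `python-requests` client and the request whose bot-like User-Agent and non-standard `X-Session-Data` header carries the flag-shaped value, while the ordinary browser request produces nothing.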