ZeroDay Labs, Cyber Range
Editing ws-http-credentials
{ "slug": "ws-http-credentials", "tags": [ "wireshark", "interactive", "guided-lab" ], "flags": [ { "key": "final", "value": "ZDL{basic-auth-over-http-leaks-secrets}" } ], "hints": [ { "id": "hint-1", "content": "Start with the display filter http.authorization, then inspect the Authorization header value.", "penaltyPoints": 0 }, { "id": "hint-2", "content": "The header contains a Basic auth blob. Base64-decode it and you will get username:password.", "penaltyPoints": 5 } ], "title": "HTTP Credentials in Cleartext", "runtime": { "mode": "docker_compose", "cpuLimit": 1, "exposePorts": [], "templateKey": "wireshark-pcap-lab", "memoryLimitMb": 512, "artifactsMountPath": "/lab/artifacts" }, "summary": "Recover exposed credentials from a packet capture and explain why plain HTTP is the root problem.", "scenario": "A helpdesk admin swears they only logged into an internal tool for a second. Network monitoring captured the traffic. Your job is to confirm whether credentials were exposed in transit and explain the failure mode clearly enough that an engineer cannot shrug it off.", "artifacts": [ { "key": "primary", "path": "artifacts/ws-http-credentials.pcapng", "type": "pcap", "label": "HTTP credential exposure capture (.pcapng)", "downloadable": true }, { "key": "workbench", "path": "artifacts/index.html", "type": "text_blob", "label": "Browser workbench", "downloadable": true } ], "questions": [ { "key": "q1", "type": "short_text", "answer": "j.smith", "points": 10, "prompt": "What username was exposed in the HTTP Authorization header?", "caseSensitive": false }, { "key": "q2", "type": "short_text", "answer": "Summer2026!", "points": 10, "prompt": "What password was exposed in transit?", "caseSensitive": true }, { "key": "q3", "type": "short_text", "answer": "Basic", "points": 10, "prompt": "Which authentication scheme carried the credentials?", "caseSensitive": false }, { "key": "flag-final", "type": "flag", "answer": "ZDL{basic-auth-over-http-leaks-secrets}", 
"points": 20, "prompt": "Submit the final lab flag.", "caseSensitive": true } ], "trackSlug": "wireshark-fundamentals", "difficulty": "beginner", "trackTitle": "Wireshark Fundamentals", "instructions": [ { "id": "step-1", "title": "Open the runtime guide", "content": "The live runtime includes the packet-analysis checklist and the exact filters to try first." }, { "id": "step-2", "title": "Inspect the capture", "content": "Download the .pcapng file, filter on HTTP, and locate the request carrying an Authorization header." }, { "id": "step-3", "title": "Explain the risk", "content": "Recover the username and password, then explain why anyone with network visibility could do the same." } ], "estimatedMinutes": 20, "timeLimitMinutes": 30, "learningObjectives": [ "Filter quickly to the relevant HTTP traffic in a small packet capture.", "Identify and decode a Basic Authorization header.", "Explain the difference between base64 encoding and actual transport security." ], "dbLabId": "37137e12-cbe1-4779-921c-f0add6c07d2c" }