Mysteri0K1ng · Mysteri0K1ng · Jun 16, 2026
diff --git a/cert-chain.txt b/cert-chain.txt
@@ -0,0 +1,85 @@
+CONNECTED(00000003)
+---
+Certificate chain
+ 0 s:
+   i:CN = Caddy Local Authority - ECC Intermediate
+   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
+   v:NotBefore: Jun 16 18:45:09 2026 GMT; NotAfter: Jun 17 06:45:09 2026 GMT
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAWSgAwIBAgIRAKAfcMliWfFQqP2uILcv8RkwCgYIKoZIzj0EAwIwMzEx
+MC8GA1UEAxMoQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gRUNDIEludGVybWVkaWF0
+ZTAeFw0yNjA2MTYxODQ1MDlaFw0yNjA2MTcwNjQ1MDlaMAAwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARzv2IEdTRf6dMXmpOqTczHNuOSUrv9zKv+GBaieABfLmVQ
+KuTNbt1JML8ASUSoyhAg1FugSCbiLQtjqO8l9iXSo4GLMIGIMA4GA1UdDwEB/wQE
+AwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFKhE
+lw+VZTEovQY+OQVIGYkKML37MB8GA1UdIwQYMBaAFElhYr54rChV5P57JoFNX5r7
+mqWYMBcGA1UdEQEB/wQNMAuCCWxvY2FsaG9zdDAKBggqhkjOPQQDAgNJADBGAiEA
+nw3FfY8U4r9TveCxKehQP1n3Rf3W6Jcl2MRiodY4TR8CIQCtS0Fi0XWr9RTxGluL
+bg6b2fle+qwRU5JkLbam6HMgpg==
+-----END CERTIFICATE-----
+ 1 s:CN = Caddy Local Authority - ECC Intermediate
+   i:CN = Caddy Local Authority - 2026 ECC Root
+   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
+   v:NotBefore: Jun 16 18:45:09 2026 GMT; NotAfter: Jun 23 18:45:09 2026 GMT
+-----BEGIN CERTIFICATE-----
+MIIBxzCCAW6gAwIBAgIRAM8Iism4v6rs441Ml1RakpUwCgYIKoZIzj0EAwIwMDEu
+MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNiBFQ0MgUm9vdDAe
+Fw0yNjA2MTYxODQ1MDlaFw0yNjA2MjMxODQ1MDlaMDMxMTAvBgNVBAMTKENhZGR5
+IExvY2FsIEF1dGhvcml0eSAtIEVDQyBJbnRlcm1lZGlhdGUwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAAQXkRGfeie3v6A2plmPe2b13kHed/LcQxgOvbE3jKeDUshn
+copYAOkS7FEt166G80Ie4fuDsjhjPhROr7/oEqsVo2YwZDAOBgNVHQ8BAf8EBAMC
+AQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUSWFivnisKFXk/nsmgU1f
+mvuapZgwHwYDVR0jBBgwFoAUCdXqj89bFeBdywbjiiosiH4VvX8wCgYIKoZIzj0E
+AwIDRwAwRAIgQw/AbgM0cZs3epjz/CSYF1oFmISpw8gBktIprsaMdHwCIDkOq6fu
+mRdCNF20XYh2bfa5sJiOiVvKoRe0zlAt8uoP
+-----END CERTIFICATE-----
+---
+Server certificate
+subject=
+issuer=CN = Caddy Local Authority - ECC Intermediate
+---
+No client certificate CA names sent
+Peer signing digest: SHA256
+Peer signature type: ECDSA
+Server Temp Key: X25519, 253 bits
+---
+SSL handshake has read 1271 bytes and written 375 bytes
+Verification error: unable to get local issuer certificate
+---
+New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
+Server public key is 256 bit
+Secure Renegotiation IS NOT supported
+Compression: NONE
+Expansion: NONE
+No ALPN negotiated
+Early data was not sent
+Verify return code: 20 (unable to get local issuer certificate)
+---
+---
+Post-Handshake New Session Ticket arrived:
+SSL-Session:
+    Protocol  : TLSv1.3
+    Cipher    : TLS_AES_128_GCM_SHA256
+    Session-ID: 2CB0DA995EB4E89B81B007E7AFFFC21661CD6B8CFF82665C616B5DB5432E328D
+    Session-ID-ctx: 
+    Resumption PSK: FDFC38567D0E7BF6B6A7D4547316668C851E32F4139B76884394E74354AA7F8C
+    PSK identity: None
+    PSK identity hint: None
+    SRP username: None
+    TLS session ticket lifetime hint: 604800 (seconds)
+    TLS session ticket:
+    0000 - ce 22 de 78 0d 8f b0 8d-41 53 47 7d 24 c1 5e 8a   .".x....ASG}$.^.
+    0010 - c8 7f 8a c7 c9 81 98 73-d5 c4 6e ac a0 da b6 f2   .......s..n.....
+    0020 - d7 ec ca 6c 5a b8 2a e4-a4 fe d3 d3 a3 b8 58 ae   ...lZ.*.......X.
+    0030 - e4 0a ca b0 de 9d df d1-09 fe 29 85 c0 72 e6 50   ..........)..r.P
+    0040 - f7 5f 38 53 15 7e 1a fc-4c bd 4c e2 9a d1 ed e1   ._8S.~..L.L.....
+    0050 - 73 f5 f7 6b 0e aa 40 02-cb 0a cd 6d ad 9f fb 76   s..k..@....m...v
+    0060 - ad 84 d3 52 69 00 ff 74-18                        ...Ri..t.
+
+    Start Time: 1781636491
+    Timeout   : 7200 (sec)
+    Verify return code: 20 (unable to get local issuer certificate)
+    Extended master secret: no
+    Max Early Data: 0
+---
+read R BLOCK
diff --git a/lab4-tls.pcap b/lab4-tls.pcap
diff --git a/lab4-trace.txt b/lab4-trace.txt
@@ -0,0 +1,43 @@
+20:14:38.597650 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [S], seq 3335370418, win 65495, options [mss 65495,sackOK,TS val 1766035711 ecr 0,nop,wscale 7], length 0
+E..<P8@.@............p...............0.........
+iC..........
+20:14:38.597701 IP 127.0.0.1.8080 > 127.0.0.1.51824: Flags [S.], seq 535201973, ack 3335370419, win 65483, options [mss 65495,sackOK,TS val 1766035711 ecr 1766035711,nop,wscale 7], length 0
+E..<..@.@.<............p.............0.........
+iC..iC......
+20:14:38.597752 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [.], ack 1, win 512, options [nop,nop,TS val 1766035711 ecr 1766035711], length 0
+E..4P9@.@............p...............(.....
+iC..iC..
+20:14:38.597956 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [P.], seq 1:175, ack 1, win 512, options [nop,nop,TS val 1766035711 ecr 1766035711], length 174: HTTP: POST /notes HTTP/1.1
+E...P:@.@............p.....................
+iC..iC..POST /notes HTTP/1.1
+Host: 127.0.0.1:8080
+User-Agent: curl/8.5.0
+Accept: */*
+Content-Type: application/json
+Content-Length: 39
+
+{"title":"trace me","body":"in flight"}
+20:14:38.597960 IP 127.0.0.1.8080 > 127.0.0.1.51824: Flags [.], ack 175, win 511, options [nop,nop,TS val 1766035711 ecr 1766035711], length 0
+E..4..@.@..............p.......a.....(.....
+iC..iC..
+20:14:38.616063 IP 127.0.0.1.8080 > 127.0.0.1.51824: Flags [P.], seq 1:207, ack 175, win 512, options [nop,nop,TS val 1766035729 ecr 1766035711], length 206: HTTP: HTTP/1.1 201 Created
+E.....@.@..<...........p.......a...........
+iC..iC..HTTP/1.1 201 Created
+Content-Type: application/json
+Date: Tue, 16 Jun 2026 17:14:38 GMT
+Content-Length: 93
+
+{"id":7,"title":"trace me","body":"in flight","created_at":"2026-06-16T17:14:38.598761313Z"}
+
+20:14:38.616127 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [.], ack 207, win 511, options [nop,nop,TS val 1766035729 ecr 1766035729], length 0
+E..4P;@.@............p.....a.........(.....
+iC..iC..
+20:14:38.616587 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [F.], seq 175, ack 207, win 512, options [nop,nop,TS val 1766035730 ecr 1766035729], length 0
+E..4P<@.@............p.....a.........(.....
+iC..iC..
+20:14:38.616709 IP 127.0.0.1.8080 > 127.0.0.1.51824: Flags [F.], seq 207, ack 176, win 512, options [nop,nop,TS val 1766035730 ecr 1766035730], length 0
+E..4..@.@..	...........p.......b.....(.....
+iC..iC..
+20:14:38.616742 IP 127.0.0.1.51824 > 127.0.0.1.8080: Flags [.], ack 208, win 512, options [nop,nop,TS val 1766035730 ecr 1766035730], length 0
+E..4P=@.@............p.....b.........(.....
+iC..iC..
diff --git a/screenshots/lab4/certchain.png b/screenshots/lab4/certchain.png
diff --git a/screenshots/lab4/clienthello.png b/screenshots/lab4/clienthello.png
diff --git a/screenshots/lab4/serverhello.png b/screenshots/lab4/serverhello.png