[Bro-Dev] #670: Extend decode_base64() to accommodate alternate base64 charsets
Bro Tracker
bro at tracker.bro-ids.org
Wed Nov 9 14:06:33 PST 2011
#670: Extend decode_base64() to accommodate alternate base64 charsets
--------------------------+-----------------------------
 Reporter:  david.bianco  |      Type:  Feature Request
   Status:  new           |  Priority:  Normal
Milestone:                | Component:  Bro
  Version:  2.0 Beta      |  Keywords:
--------------------------+-----------------------------
Using an alternate base64 alphabet to encode data with the standard base64
algorithm is effectively the same as encrypting it with a long
alphanumeric encryption key. We see this in common use in malware C2
channels. If we could supply a known alphabet to the base64 function, we
could more easily decode some of the C2 channels. This would be of great
benefit to many Bro users.

Ideally, I'd like to see something like:

    const my_alphabet: string = "...";
    decoded = decode_base64(data, my_alphabet);

--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/670>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
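
Added example, not part of the original ticket and not Bro's own code: a Python sketch of the requested behaviour, decoding standard base64 whose 64-character alphabet has been replaced by a known custom one. The function names, the swapped-case alphabet and the sample payload are constructed for illustration.

```python
import base64
import string

# Standard RFC 4648 alphabet: A-Z, a-z, 0-9, '+', '/'
STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

def _check_alphabet(alphabet: str) -> None:
    """An alternate alphabet must be a permutation-like set of 64 symbols."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain exactly 64 distinct characters")
    if "=" in alphabet:
        raise ValueError("'=' is reserved for padding")

def decode_base64_alt(data: str, alphabet: str = STD_ALPHABET) -> bytes:
    """Decode base64 text that was produced with a custom alphabet."""
    _check_alphabet(alphabet)
    body = data.strip().rstrip("=")          # tolerate missing or present padding
    unknown = set(body) - set(alphabet)
    if unknown:
        raise ValueError(f"characters outside the alphabet: {sorted(unknown)}")
    if len(body) % 4 == 1:
        raise ValueError("truncated base64 input")
    # Map each custom symbol to the standard symbol with the same 6-bit value.
    translated = body.translate(str.maketrans(alphabet, STD_ALPHABET))
    translated += "=" * (-len(translated) % 4)
    return base64.b64decode(translated, validate=True)

def encode_base64_alt(raw: bytes, alphabet: str = STD_ALPHABET) -> str:
    """Inverse of decode_base64_alt; used here only to build test input."""
    _check_alphabet(alphabet)
    std = base64.b64encode(raw).decode("ascii")
    return std.translate(str.maketrans(STD_ALPHABET, alphabet))

# Constructed alphabet: the standard one with upper and lower case swapped.
SAMPLE_ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + "+/"

if __name__ == "__main__":
    sample = b"constructed sample payload"   # constructed input, not real traffic
    encoded = encode_base64_alt(sample, SAMPLE_ALPHABET)
    print("encoded:", encoded)
    print("decoded with known alphabet:", decode_base64_alt(encoded, SAMPLE_ALPHABET))
    print("decoded with standard alphabet:", decode_base64_alt(encoded))
```

Decoding the same string with the standard alphabet yields unrelated bytes, which is why the alphabet has to be supplied to the decoder.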