[Bro-Dev] #988: Bug in HTTP body extraction
Bro Tracker
bro at tracker.bro.org
Sun Apr 28 16:16:28 PDT 2013
#988: Bug in HTTP body extraction
----------------------+--------------------
Reporter: matthias | Owner: seth
Type: Problem | Status: new
Priority: High | Milestone: Bro2.2
Component: Bro | Version: 2.1
Keywords: |
----------------------+--------------------
There exists a bug in HTTP body extraction that prevents certain bodies
from being dumped, even though having set
{{{
redef extract_file_types = /.*/;
}}}
This happens presumably because Bro does not figure out the correct MIME
type and does not set `c$http$mime_type`. It results in this check
failing:
{{{
if ( c$http?$mime_type && extract_file_types in c$http$mime_type )
{
c$http$extract_file = T;
}
}}}
On a related note, I also find missing responses to HTTP POST requests
which I assume come from the same issues.
I have a trace that I could attach, but wanted to make sure it's worth the
effort in face of the upcoming file analysis framework, or if we plan on
pushing a 2.1 hotfix for this.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/988>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list