[Bro] How to use HTTP ZIP detection/conversion ?
robin at icir.org
Mon May 19 21:13:22 PDT 2008
On Mon, May 19, 2008 at 02:29 +0200, you wrote:
> Anyone how to extract zip on http stream and search (ids) on ?
Don't worry, It Just Works(TM) :-)
Just make sure that configure can find zlib (w/ development
headers). If unsure, double-check that HAVE_LIBZ is 1 in config.h.
Then Bro will decode gzip content encodings and pass the unzipped
data on to http-body's pattern matching.
(If this doesn't seem to work for you even though configure found
zlib, please send me a small trace and a signature which reproduce
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro