[Bro] libmagic for HTTP

Seth Hall seth at net.ohio-state.edu
Fri May 30 11:09:54 PDT 2008


On May 30, 2008, at 1:41 PM, Eric Thomas wrote:

> I like FileAnalyzer and its use of libmagic. But I'd like to explore ways
> it can be used for protocols other than FTP, SMTP, etc. Would it be
> possible to expose some BIFs so that the magic number analyzer could be
> used elsewhere, such as http_entity_data? Or is this already there and I'm
> just missing it? Thanks!

Here is a patch for Bro's trunk to add two libmagic BiFs
(identify_magic_descr, identify_magic_mime). I have a corresponding
Bro script for identifying files transferred over HTTP if you're
interested in it too.

   .Seth

-------------- next part --------------
A non-text attachment was scrubbed...
Name: libmagic_bifs.patch
Type: application/octet-stream
Size: 1878 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080530/ea8fdc0a/attachment.obj 
-------------- next part --------------



---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
