[Bro] libmagic for HTTP
Seth Hall
seth at net.ohio-state.edu
Fri May 30 11:09:54 PDT 2008
On May 30, 2008, at 1:41 PM, Eric Thomas wrote:
> I like FileAnalyzer and its use of libmagic. But I'd like to explore ways
> it can be used for protocols other than FTP, SMTP, etc. Would it be
> possible to expose some BIFs so that the magic number analyzer could be
> used elsewhere, such as http_entity_data? Or is this already there and I'm
> just missing it? Thanks!
Here is a patch for Bro's trunk to add two libmagic BiFs
(identify_magic_descr, identify_magic_mime). I have a corresponding
Bro script for identifying files transferred over HTTP if you're
interested in it too.
.Seth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libmagic_bifs.patch
Type: application/octet-stream
Size: 1878 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080530/ea8fdc0a/attachment.obj
-------------- next part --------------
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721