[Bro] Trying to extract HTTP payload
abhishek.lists at gmail.com
Tue Sep 18 10:23:56 PDT 2012
It still does not seem to work; there is nothing in the current
directory. Here is an entry from http.log:
1347988766.291078 t3VZX9hEzl7 192.168.10.185 48299 22.214.171.124 80 0 - - - - - 0 1131 200 OK - - - (empty) - - - image/jpeg - -
There are similar entries which do not have a file name.
On Tue, Sep 18, 2012 at 10:14 AM, Seth Hall <seth at icir.org> wrote:
> On Sep 18, 2012, at 1:08 PM, Abhishek Chanda <abhishek.lists at gmail.com> wrote:
>> sudo ./bro -i eth0 "HTTP::extract_file_types=/.jpg/"
> sudo ./bro -i eth0 "HTTP::extract_file_types=/.*\.jpg/"
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network