[Bro] Email Link Extraction
scastle at bouldercounty.org
Thu Apr 18 08:58:09 PDT 2013
At first glance this seems like all it needs is an appropriate regex. But then consider: any string containing both "." and "/" might be a candidate. (Actually, just a string containing "." with no space around it.)
So, this might range from the full regex to detect '<a href=".+">.+</a>' to just '\s.+\..+\s' (Perl regex used).
I'd welcome attempts to work on this. And, even if the result does not catch everything, if it gets anything at all it'd be better than what we have now.
Data Security Mgr, Boulder County IT
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of James Lay
Sent: Thursday, April 18, 2013 09:31
To: bro at bro.org
Subject: Re: [Bro] Email Link Extraction
On 2013-04-18 09:15, . . wrote:
> Hi list,
> Is there an easy way to extract links from emails in a method similar
> to smtp_entities processing of attachments?
> Thanks in advance!
Yea I'll second that...email packet captures make finding links a
challenge as quoted emails split the links..this would really help to
correlate a user click to actual email in a fraction of the time. Thank
Bro mailing list
bro at bro-ids.org
More information about the Bro