[Bro] how to get bro to support utf-8 chars like Chinese in detect-webapps.sig ?

Seth Hall seth at icir.org
Wed Dec 4 08:06:01 PST 2013

On Dec 4, 2013, at 9:38 AM, Gao Yongwei <itxx00 at gmail.com> wrote:

> when I turn off gzip in nginx.conf , bro works fine, but when turn on gzip, bro seems not work.
> how could bro unzip the html content before apply the payload ? thank.

We have a specialized keyword for checking patterns in HTTP payloads.  It was decode the content prior to matching.

http-reply-body /test\xF0\x9F\x92\xA9test/

Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131204/3e88344a/attachment.bin 

More information about the Bro mailing list