[Bro] Extract files based on magic number using Bro 2.2
Marius Portaas Haugen
mariusph at ifi.uio.no
Fri Jan 24 04:44:17 PST 2014
I'm just wondering: is it possible to extract files based solely on
their magic number using Bro 2.2?
In Bro 2.1, it was possible to extract files just by comparing the
with the first X bytes. I used the script provided here, with great
However, in Bro 2.2, things seem to have changed. Most examples and docs
seem to use the MIME-type to determine if a file will be extracted or
not, e.g. here:
I also see that there has been included some sort of "magic number
database" (/bro/share/bro/magic/), but I find little
documentation on what its role is with regard to file extraction, as
well as the formatting that is being used.
Have I missed something essential here?
If anyone could help me better understand how file extraction works now
in Bro 2.2, it is most appreciated! :)
Marius P. Haugen.