[Bro] Bro Script to detect plain text passwords?

Nick Pratley npratley at redhat.com
Tue Nov 4 18:25:51 PST 2014

An example of detecting HTTP basic authentication is given here:

On 11/05/2014 10:32 AM, anthony kasza wrote:
> Absolutely. This is something well suited for Bro's policy scripts.
> -AK
> On Nov 4, 2014 3:45 PM, "Jeff Hammett" <jeff at jeffhammett.com <mailto:jeff at jeffhammett.com>> wrote:
>     I recently demo’d Tenable’s Passive Vulnerability Scanner, but found that it wasn’t a good fit
>     for my environment. However it did have one nice feature I liked, the ability to detect
>     passwords sent in plain text.
>     Does Bro have this functionality? Or would it be feasible to write a script to do so? (I haven’t
>     written any scripts yet, but am interested).
>     I think I would be most interested in detecting plain text passwords used for http logins, but
>     wouldn’t mind monitoring for other protocols as well.
>     Jeff
>     _______________________________________________
>     Bro mailing list
>     bro at bro-ids.org <mailto:bro at bro-ids.org>
>     http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list