[Bro] Bro Script to detect plain text passwords?
jeff at jeffhammett.com
Wed Nov 5 07:36:13 PST 2014
> On Nov 4, 2014, at 6:09 PM, Seth Hall <seth at icir.org> wrote:
> Even better, it's something that we ship with, it just needs to be enabled. We decided to have a default setting of not capturing passwords. If you run Bro through BroControl, add the following line to your local.bro and do the check/install/restart commands in broctl.
> redef HTTP::default_capture_password = T;
> It will be in a field in your http.log named "password". There will also be a field named "username".
Thanks! This is what I was looking for. One more question, how would I go about logging an entry in the notice.log when plaintext passwords are discovered?
More information about the Bro