[Bro] Redirect Chain Script

James Lay jlay at slave-tothe-box.net
Fri Nov 7 09:54:50 PST 2014


On 2014-11-06 21:19, anthony kasza wrote:
> If anyone is interested I have the beginnings of a redirect/driveby
> analysis policy script here:
> 
> <https://github.com/anthonykasza/scratch_pad/tree/master/redirections>.
>
> I've only tested it on pcaps but it seems to work nicely. I imagine the
> output is a little difficult to interpret if you don't understand what
> the script is doing but I think it may be a good foundation for
> something. Thoughts and feedback are welcome.
>
> -AK

Yea this is kind of cool....in a nutshell, this adds:

dns_domain      dns_uid http_uri        http_domain  http_uid

to your conn.log...kind of handy for tracking...thanks for this 
Anthony...I'll try this out full on in dev and if good go into 
production.  I'll let you know if I run into any snags or surprises.

James


