[Bro] Parsing HTTP Traffic
nweaver at ICSI.Berkeley.EDU
Fri Oct 24 10:46:30 PDT 2014
> On Oct 24, 2014, at 10:39 AM, anthony kasza <anthony.kasza at gmail.com> wrote:
> You'll have to reconstruct HTTP bodies and parse the json. There are a few scripts that do the body reconstruction floating around github.
The other option if things are always the same is to just use a couple of regular expressions to indicate where the data should be.
Nicholas Weaver it is a tale, told by an idiot,
nweaver at icsi.berkeley.edu full of sound and fury,
510-666-2903 .signifying nothing
More information about the Bro