[Bro] HTTP plus Compression File Extraction

Seth Hall seth at icir.org
Sat Apr 25 18:12:13 PDT 2015

> On Apr 25, 2015, at 1:16 AM, anthony kasza <anthony.kasza at gmail.com> wrote:
> Is there a way to control how the file analysis framework handles HTTP compression? For example, if a PNG is transferred over HTTP with gzip compression, can I have Bro dump the gzip file instead of the PNG?

Are you sure that’s what you really want? In the case of gzip, deflate, etc. encoded content, that encoding is actually part of the protocol; it’s not really an aspect of the file. That’s how Bro currently handles things at least and seems to be the most sane option to me, but perhaps you have some compelling use case?


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
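
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Bro's code: the same file served under three Content-Encodings gives three different hashes of the bytes on the wire but a single hash once the coding is undone. The sample file bytes, make_response and the other function names are constructed for illustration, and the parser assumes a complete, non-chunked response.

```python
import gzip
import hashlib
import zlib

# Constructed stand-in for the PNG in the question (not a valid image).
SAMPLE_FILE = b"\x89PNG\r\n\x1a\n" + b"constructed-sample-image-data" * 64

def make_response(coding: str) -> bytes:
    """Build a constructed HTTP response carrying SAMPLE_FILE under `coding`."""
    encoders = {"gzip": lambda d: gzip.compress(d, mtime=0),
                "deflate": zlib.compress,
                "identity": lambda d: d}
    body = encoders[coding](SAMPLE_FILE)
    head = ("HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            f"Content-Encoding: {coding}\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

def parse_response(raw: bytes):
    """Split a complete, non-chunked response into lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def decode_body(headers: dict, body: bytes) -> bytes:
    """Undo the Content-Encoding codings, last applied first."""
    codings = [c.strip().lower() for c in headers.get("content-encoding", "").split(",")]
    for coding in reversed([c for c in codings if c]):
        if coding in ("gzip", "x-gzip"):
            body = zlib.decompress(body, 16 + zlib.MAX_WBITS)
        elif coding == "deflate":
            try:
                body = zlib.decompress(body)                   # zlib-wrapped
            except zlib.error:
                body = zlib.decompress(body, -zlib.MAX_WBITS)  # raw deflate
        elif coding != "identity":
            raise ValueError(f"unsupported Content-Encoding: {coding}")
    return body

def wire_and_file_hashes(raw: bytes):
    """Return (sha256 of the bytes on the wire, sha256 of the decoded file)."""
    headers, body = parse_response(raw)
    return (hashlib.sha256(body).hexdigest(),
            hashlib.sha256(decode_body(headers, body)).hexdigest())

if __name__ == "__main__":
    for coding in ("identity", "deflate", "gzip"):
        wire, decoded = wire_and_file_hashes(make_response(coding))
        print(f"{coding:8} wire={wire[:16]} file={decoded[:16]}")
```

A hash taken over the encoded body would not match a hash of the same file fetched without compression, so hash-based lookups only line up when they are computed on the decoded content.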
