[Bro] ActiveHTTP

Dave Crawford bro at pingtrip.com
Sat Jan 28 06:15:25 PST 2017


I added simple print statements in base/utils/active-http.bro and it doesn’t appear to be entering it’s when() block either. These are the two print statements I added: 

        print "Entering the ActiveHTTP::Request when() block";
        return when ( local result = Exec::run([$cmd=cmd, $stdin=stdin_data, $read_files=set(bodyfile, headersfile)]) )
                {
                print "In ActiveHTTP::Request when() block";
                # If there is no response line then nothing else will work either.
 
And the second print doesn’t execute:

$ bro -r test.pcap local ../test.bro 

Entering the ActiveHTTP::Request when() block...

I have ‘exit_only_after_terminate’ set to true so it just hangs at this point until I ctrl-c and I see the tmp files deleted.

-Dave

> On Jan 27, 2017, at 11:49 PM, Dave Crawford <bro at pingtrip.com> wrote:
> 
> I’m testing a new script in 2.5 that uses ActiveHTTP but I'm unable to retrieve the response. With a simple test script of:
> 
>     when ( local resp = ActiveHTTP::request([$url="https://www.google.com <https://www.google.com/>/"]) )
>       {
>       print “Inside the Matrix."
>       }
> 
> I can see the ActiveHTTP request was successful based on the temporary files created:
> 
> -rw-r--r--  1 dave  wheel  162 Jan 27 23:43 /tmp/bro-activehttp-HJKhXt6UYXi_body
> -rw-r--r--  1 dave  wheel  163 Jan 27 23:43 /tmp/bro-activehttp-HJKhXt6UYXi_headers
> 
> But the print statement within the when block never executes. Any ideas what I’m missing?
> 
> -Dave
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170128/6d1b34f4/attachment.html 


More information about the Bro mailing list