[Bro] Bro sqli + xss sans paper

Johanna Amann johanna at icir.org
Tue May 30 09:48:24 PDT 2017

Sorry for the slow reply, I hope that this is still useful after this

In any case, http$first_chunk was removed in Bro 2.2; the script needs to
be rewritten with the new http events.


On Tue, Apr 11, 2017 at 02:10:08PM +0300, Alex Kefallonitis wrote:
> I am trying to add the two scripts for sqli and xss from this paper
> https://www.sans.org/reading-room/whitepapers/detection/web-application-attack-analysis-bro-ids-34042
> but i get this error HTTP::c$http$first_chunk no such a field in record...
> Anyone knows what is happening?
> Thanks in advanced.

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list