[Bro-Dev] #988: Bug in HTTP body extraction

Bro Tracker bro at tracker.bro.org
Sun Apr 28 16:16:28 PDT 2013


#988: Bug in HTTP body extraction
----------------------+--------------------
 Reporter:  matthias  |      Owner:  seth
     Type:  Problem   |     Status:  new
 Priority:  High      |  Milestone:  Bro2.2
Component:  Bro       |    Version:  2.1
 Keywords:            |
----------------------+--------------------
 There exists a bug in HTTP body extraction that prevents certain bodies
 from being dumped, even though having set

 {{{
 redef extract_file_types = /.*/;
 }}}

 This happens presumably because Bro does not figure out the correct MIME
 type and does not set `c$http$mime_type`. It results in this check
 failing:

 {{{
     if ( c$http?$mime_type && extract_file_types in c$http$mime_type )
       {
       c$http$extract_file = T;
       }
 }}}

 On a related note, I also find missing responses to HTTP POST requests
 which I assume come from the same issues.

 I have a trace that I could attach, but wanted to make sure it's worth the
 effort in face of the upcoming file analysis framework, or if we plan on
 pushing a 2.1 hotfix for this.

-- 
Ticket URL: <http://tracker.bro.org/bro/ticket/988>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list