[Bro-Dev] #988: Bug in HTTP body extraction

Bro Tracker bro at tracker.bro.org
Sun Apr 28 16:16:28 PDT 2013

#988: Bug in HTTP body extraction
 Reporter:  matthias  |      Owner:  seth
     Type:  Problem   |     Status:  new
 Priority:  High      |  Milestone:  Bro2.2
Component:  Bro       |    Version:  2.1
 Keywords:            |
 There exists a bug in HTTP body extraction that prevents certain bodies
 from being dumped, even with the following set:

     redef extract_file_types = /.*/;

 This happens presumably because Bro does not figure out the correct MIME
 type and does not set `c$http$mime_type`. It results in this check

     if ( c$http?$mime_type && extract_file_types in c$http$mime_type )
       c$http$extract_file = T;

 On a related note, I also find missing responses to HTTP POST requests
 which I assume come from the same issues.

 I have a trace that I could attach, but wanted to make sure it's worth the
 effort in the face of the upcoming file analysis framework, or if we plan on
 pushing a 2.1 hotfix for this.

Ticket URL: <http://tracker.bro.org/bro/ticket/988>