[Bro-Dev] #988: Bug in HTTP body extraction
Bro Tracker
bro at tracker.bro.org
Mon Apr 29 12:21:51 PDT 2013
#988: Bug in HTTP body extraction
-----------------------+--------------------
Reporter: matthias | Owner: seth
Type: Problem | Status: new
Priority: Medium | Milestone: Bro2.2
Component: Bro | Version: 2.1
Resolution: | Keywords:
-----------------------+--------------------
Comment (by matthias):
It seems that the FAF resolves this problem; I can now see the HTTP bodies
for both POST requests and the text/plain MIME type.
However, I did have trouble finding the corresponding files. For example,
for a given HTTP session the `extraction_file` column shows
`http-item-ku9xiCY0bg9-37.dat`, which includes the HTTP response body. The
corresponding request body sits in `http-item-oh0kb6JHiM5-36.dat` but is
not referenced in the `http.log`.
Some options:
1. Extend the `extraction_file` column in the `http.log` to also include
the file name of the request, say separated by comma (or whatever is the
separator for sets).
2. Have a separate column for request and response.
3. Change the extraction file name to include also the connection UID.
We need to address issue (1) in any case because the current
`extraction_file` approach does not match the reality where we can have
multiple files per HTTP request-response pair.
--
Ticket URL: <http://tracker.bro.org/bro/ticket/988#comment:3>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker