[Bro-Dev] [JIRA] (BIT-1104) Add tracking for MSIE 11

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Thu Dec 5 12:07:45 PST 2013


    [ https://bro-tracker.atlassian.net/browse/BIT-1104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14913#comment-14913 ] 

Seth Hall commented on BIT-1104:
--------------------------------

I have made some changes to your edit and it's in the topic/seth/ie11-software-parsing branch.  Thanks.

> Add tracking for MSIE 11
> ------------------------
>
>                 Key: BIT-1104
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1104
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: 2.1
>         Environment: Ubuntu
>            Reporter: Michael Stone
>              Labels: analyzer
>
> MSIE 11.0 currently shows up as <unknown browser>.  It looks like MS might have changed it's user agent string and doesn't include "MSIE".  I added the following to /usr/local/bro/share/bro/base/frameworks/software/main.bro
> just below the "MSIE" block and above the "Safari" block.
> else if ( /Trident\/7.0/ in uparsed_version ) 
>    {
>    if ( /rv:11\.0/ in unparsed_version ) {
>        software_name = "MSIE";
>        v = [$major=11,$minor=0];
>       }
>    }
> Disclaimer: I'm fairly new to working with Bro so this might not be the best way, but it seems to be working for me.
> Thanks!



--
This message was sent by Atlassian JIRA
(v6.2-OD-03#6206)


More information about the bro-dev mailing list