[Bro-Dev] [JIRA] (BIT-647) Extend HTTP analyzer to support multiply encoded content.
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Tue Mar 17 09:13:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jon Siwek updated BIT-647:
--------------------------
Fix Version/s: (was: 2.4)
> Extend HTTP analyzer to support multiply encoded content.
> ---------------------------------------------------------
>
> Key: BIT-647
> URL: https://bro-tracker.atlassian.net/browse/BIT-647
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Seth Hall
> Attachments: http-sdch-gzip.trace
>
>
> When Chrome and other SDCH-supporting HTTP clients request content from SDCH-compatible HTTP servers, the response includes a header that looks like this:
> {noformat}
> Content-Encoding: sdch,gzip
> {noformat}
> Bro's HTTP analyzer doesn't currently do substring matches on the content-encoding header, so the resulting sdch/gzip content is identified as gzip only. Two things need to happen here:
> 1. Support substring matches on the content-encoding header to identify that the content is gzip encoded.
> 2. Support some notion of the SDCH protocol.
> I think that point 1 should be done for the 2.0 release, but point 2 can wait until later when we have a better notion of what SDCH support would entail.
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
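
Added example, not part of the original message and not Bro's analyzer code: a sketch of point 1 from the issue, splitting the Content-Encoding value into its codings and undoing them from last-applied to first, stopping at any coding (here sdch) it cannot decode. The function names and the sample body are constructed for illustration.

```python
import gzip
import zlib

# Codings this sketch can undo. "sdch" is deliberately absent: decoding it
# needs the shared dictionary, which the issue leaves for later work.
DECODERS = {
    "gzip": gzip.decompress,
    "x-gzip": gzip.decompress,
    "deflate": zlib.decompress,
    "identity": lambda body: body,
}


def parse_content_encoding(value):
    """Split a Content-Encoding value into lowercase tokens, in applied order."""
    return [tok.strip().lower() for tok in value.split(",") if tok.strip()]


def decode_body(header_value, body):
    """Undo codings from last-applied to first; stop at the first one that
    is unsupported or fails. Returns (data, codings_still_applied)."""
    codings = parse_content_encoding(header_value)
    while codings:
        decoder = DECODERS.get(codings[-1])
        if decoder is None:
            break  # e.g. sdch: report it instead of guessing
        try:
            body = decoder(body)
        except (OSError, EOFError, zlib.error):
            break  # body does not match the declared coding; keep it as-is
        codings.pop()
    return body, codings


# Constructed sample: stand-in bytes for an SDCH-encoded payload, then gzipped.
SDCH_LAYER = b"constructed-sdch-payload"
WIRE_BODY = gzip.compress(SDCH_LAYER)

if __name__ == "__main__":
    header = "sdch,gzip"
    # An exact comparison against "gzip" does not match the combined value.
    print("exact match on 'gzip':", header == "gzip")
    data, remaining = decode_body(header, WIRE_BODY)
    print("after decoding:", data, "still encoded with:", remaining)
```

Returning the codings that are still applied lets the caller record that the payload it is about to inspect is not the final content.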