Getting matched substrings ???
Yohann Thomas
yohann.thomas at rd.francetelecom.com
Wed Apr 7 02:10:48 PDT 2004
Robin Sommer wrote:
>On Wed, Apr 07, 2004 at 09:17 +0200, Yohann Thomas wrote:
>
>
>
>>*To sum up, I'd like to get some hosts characteristics like : *this host
>>(IP@ W.X.Y.Z) is now running Apache 1.3.29*.
>>
>>
>
>This sounds exactly like what software.bro is doing. Have you tried
>that? (You also need to load http-reply.bro as it doesn't use the
>signature engine but the HTTP decoder).
>
>Robin
>
>
>
Sounds great in fact !!! I've just tested it, and it will help me for
sure. Thanks !!!
Now, next stage will be to get other information contained in URLs, like
sensitive CGIs.
I've just seen http-request.bro implements such features, so I'm having
a look at it...
Yohann.
More information about the Bro
mailing list