[Bro] HTTP Post data
Will Havlovick
will.havlovick at zenimax.com
Fri Mar 9 06:35:03 PST 2012
Very cool!
I will check this out. We have had some interesting data in forms that are being submitted.
Thank you,
Will
-----Original Message-----
From: matthias at vallentin.net [mailto:matthias at vallentin.net] On Behalf Of Matthias Vallentin
Sent: Thursday, March 08, 2012 12:30 PM
To: Will Havlovick
Cc: bro at bro-ids.org
Subject: Re: [Bro] HTTP Post data
> Is there a way to write the data(body) of a HTTP Post request to the
> http.log? Or another log file?
Yes, that's possible. You would have to reassemble the data from the body across the http_entity_* events. Here is an example of how one could do it:
https://github.com/mavam/brospects/blob/master/bro/bodies.bro
Matthias
More information about the Bro
mailing list