[Bro] Learning the Bro Scripting Language Part 3 - Detecting basic auth and going from evidence to practical use in Bro
Matthias Vallentin
vallentin at icir.org
Fri May 4 12:09:57 PDT 2012
> I sent the first post of the series to the mailing list and got a
> decent response from people who were interested in learning Bro's
> scripting language.
Nice work, Scott!
One small comment: "Three lines of Bro's scripting language and we can
detect a server using Basic Access Authentication!"
It's actually just one line [1]:
redef HTTP::default_capture_password = T;
This automatically creates a new column password in the http.log with
the password value, if available.
Keep the posts coming!
Matthias
[1] http://git.bro-ids.org/bro.git/blob/HEAD:/scripts/base/protocols/http/main.bro#l233
More information about the Bro
mailing list