[Bro] Extracting content types of the HTTP responses
Seth Hall
seth at icir.org
Mon Oct 22 06:39:17 PDT 2012
On Oct 21, 2012, at 9:37 PM, Po-Ching Lin <pachinko.tw at gmail.com> wrote:
> In the file, the
> content type of the second response is "application/x-javascript," but
> Bro (ver. 2.1) simply records "text/plain" for the response in the http.log.
> Please suggest how we can make Bro record the accurate content type in
> the log. Many thanks.
Our mime_type field in the HTTP field is not the value of the Content-Type header. It's from examining the content of the file. You can use the script I attached to this email if you want the value of the Content-Type header.
.Seth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http-content-type.bro
Type: application/octet-stream
Size: 218 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20121022/96b6eee7/attachment.obj
-------------- next part --------------
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list