[Bro] Extracting files by ip address
Seth Hall
seth at icir.org
Fri Oct 26 07:12:17 PDT 2012
We received a question off-list recently about extracting files and I wanted to put this script out there for more people than the one person I wrote it for. It's for extracting files from HTTP transfers by host address. I think it's a good example of how many of the base scripts were written to be extended.
I'll include a little example of how to use it here:
    @load http-extract-files-from-addrs
    redef HTTP::extract_files_from += { 1.2.3.4 };
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http-extract-files-from-addrs.bro
Type: application/octet-stream
Size: 418 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20121026/fd629bd9/attachment.obj
-------------- next part --------------
Have fun!
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/