[Bro] Trying to extract HTTP payload

Abhishek Chanda abhishek.lists at gmail.com
Tue Sep 18 10:23:56 PDT 2012


Hi,

It still does not seem to work; there is nothing in the current
directory. Here is an entry from http.log:

1347988766.291078	t3VZX9hEzl7	192.168.10.185	48299	184.172.154.91	80	0	-	-	-	-	-	0	1131	200	OK	-	-	-	(empty)	-	-	-	image/jpeg	-	-

There are similar entries which do not have a file name.

Thanks

On Tue, Sep 18, 2012 at 10:14 AM, Seth Hall <seth at icir.org> wrote:
>
> On Sep 18, 2012, at 1:08 PM, Abhishek Chanda <abhishek.lists at gmail.com> wrote:
>
>> sudo ./bro -i eth0 "HTTP::extract_file_types=/.jpg/"
>
>
> sudo ./bro -i eth0 "HTTP::extract_file_types=/.*\.jpg/"
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>


