[Bro] how to get bro to support utf-8 chars like Chinese in detect-webapps.sig ?

Seth Hall seth at icir.org
Wed Dec 4 05:21:31 PST 2013


On Dec 4, 2013, at 1:49 AM, Gao Yongwei <itxx00 at gmail.com> wrote:

> Now I want to detect web app by Chinese chars. I've tried to add utf-8 characters in detect-webapp.sig, but could not get bro to work.

Unfortunately Bro doesn't have any form of Unicode support yet (we've been talking about this for quite some time but haven't converged on anything quite yet). What you will have to do is expand the Unicode characters you're hoping to match into their constituent bytes. So your signature payload may look like this…

payload /test\xF0\x9F\x92\xA9test/

It's certainly less than ideal, but does that work for you for now?

 .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
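
Added example, not part of the original post and not Bro project code: a small Python helper that expands a string into the \xNN byte form shown above. It goes beyond the UTF-8 case in the post by also emitting a GBK variant, since the bytes on the wire depend on the encoding the page is served in; the function names, the "safe" literal set, and the sample strings are assumptions made for illustration.

```python
import string

# Characters emitted literally; everything else becomes \xNN, the escape form
# used in the post. This conservative "safe" set is an assumption, and it only
# holds for ASCII-compatible encodings such as UTF-8 and GBK.
SAFE = set(string.ascii_letters + string.digits + " _")


def to_payload_pattern(text, encoding="utf-8"):
    """Regex body matching `text` as it appears on the wire in `encoding`."""
    out = []
    for ch in text:
        if ch in SAFE:
            out.append(ch)
        else:
            # Raises UnicodeEncodeError if `encoding` cannot represent `ch`.
            out.extend("\\x%02X" % b for b in ch.encode(encoding))
    return "".join(out)


def payload_lines(text, encodings=("utf-8", "gbk")):
    """One `payload /.../` line per encoding that can represent `text`."""
    lines = {}
    for enc in encodings:
        try:
            lines[enc] = "payload /%s/" % to_payload_pattern(text, enc)
        except UnicodeEncodeError:
            continue  # e.g. an emoji has no GBK encoding, so skip that variant
    return lines


if __name__ == "__main__":
    # Constructed samples: the string from the post and a two-character
    # Chinese string.
    for sample in ("test\U0001F4A9test", "\u4e2d\u6587"):
        for enc, line in payload_lines(sample).items():
            print("%-6s %s" % (enc, line))
```

Regex metacharacters such as "." are hex-escaped as well, so the generated pattern matches the literal bytes only.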
