[Bro] extract jar files from HTTP stream
drum
drummachina at tdhack.com
Sun Dec 29 11:25:41 PST 2013
Hello,
Is there a tutorial for version 2.2 of BRO? I'd like to understand how can
I write my own scripts to support extraction of verious files, like jar. So
far I tried adding "application/jar" (it was logged to
/nsm/bro/logs/current/files.
log) as mime type to /opt/bro/share/bro/file-extraction/extract.bro file
but it seems I have to do something else too as this change is not
capturing files to /nsm/bro/extracted/ directory.
I guess it's not simple as that ;) I should also mention that I am using
BRO installed within SecurityOnion distro. I posted this question there
too, but got reply with links to version 2.1 which is not compatible with
2.2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131229/f6b4be4b/attachment.html
More information about the Bro
mailing list