[Bro] Enforce hex encoding in log output
Jesse Bowling
jessebowling at gmail.com
Mon Feb 11 20:38:44 PST 2013
So I wanted some Bro to capture the contents of HTTP POST's, and found in
the archives that Seth had already written such a thing:
module HTTP;
export {
## The number of bytes that will be included in the http
## log from the client body.
const post_body_limit = 1024;
redef record Info += {
post_body: string &log &optional;
};
}
event http_entity_data(c: connection, is_orig: bool, length: count, data:
string)
{
if ( is_orig )
{
if ( ! c$http?$post_body )
c$http$post_body = sub_bytes(data, 0,
post_body_limit);
else if ( |c$http$post_body| < post_body_limit )
c$http$post_body = string_cat(c$http$post_body,
sub_bytes(data, 0, post_body_limit-|c$http$post_body|));
}
}
So now my question is: in the output of the data, can we ensure that ALL
data is hex encoded, even if it's part of the ASCII character set? I need
to put this data into a feed, and not being able to count on a delimiter is
problematic...
Thanks,
Jesse
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130211/45b833d2/attachment.html
More information about the Bro
mailing list