[Bro] Bro programming intro

Tritium Cat tritium.cat at gmail.com
Mon Mar 18 17:03:55 PDT 2013


Hello.

I want to modify the SQL Injection detection in
policy/protocols/http/detect-sqli.bro to include a vector that tracks the
associated http request uids and includes them in an additional log field.
After getting it working I would like to apply it generally to other
Notices such as SSH Password_Guessing.

How should this be implemented?  I do not understand how the timing and
garbage collection or expiration of Vals? work.  I do not know what is
possible from the scripting layer versus modifying the base or policy
scripts.

Reading the source and docs helps but I could use some pointers to help
accelerate the process.

Thanks!

--TC