[Bro] Unanswered http post
Jim Mellander
jmellander at lbl.gov
Mon Jul 7 10:32:46 PDT 2014
The attached policy performs regular expression matching on http post
bodies, and raises a notice on regular expression match. By default it
looks for passwd|password (upper or lower case) in the body - not quite
exactly what you requested, but should get you part of the way.
Hope this helps
On Mon, Jul 7, 2014 at 8:21 AM, daniel.guerra69 <daniel.guerra69 at gmail.com>
wrote:
> Hi,
>
> I have an unanswered HTTP post, this post contains username and
> password. The dpd signature only works when the post is answered.
> Is there a way to deal with this ? I would like to see it in my http.log.
>
> Regards,
>
> Daniel
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140707/3c0153e5/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http-sensitive_POSTs.bro
Type: application/octet-stream
Size: 2889 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140707/3c0153e5/attachment.obj
More information about the Bro
mailing list