[Bro] Unanswered http post

Jim Mellander jmellander at lbl.gov
Mon Jul 7 10:32:46 PDT 2014


The attached policy performs regular expression matching on http post
bodies, and raises a notice on regular expression match.  By default it
looks for passwd|password (upper or lower case) in the body - not quite
exactly what you requested, but should get you part of the way.

Hope this helps



On Mon, Jul 7, 2014 at 8:21 AM, daniel.guerra69 <daniel.guerra69 at gmail.com>
wrote:

> Hi,
>
> I have an unanswered HTTP post, this post contains username and
> password. The dpd signature only works when the post is answered.
> Is there a way to deal with this ? I would like to see it in my http.log.
>
> Regards,
>
> Daniel
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140707/3c0153e5/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: http-sensitive_POSTs.bro
Type: application/octet-stream
Size: 2889 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140707/3c0153e5/attachment.obj 


More information about the Bro mailing list