[Bro] alternative for lookup_hostname_txt
Seth Hall
seth at icir.org
Wed May 14 13:21:37 PDT 2014
On May 14, 2014, at 2:41 PM, daniel.guerra69 <daniel.guerra69 at gmail.com> wrote:
> I'm working with bro in an protected network where
> I can't do dns requests. I want to lookup malware with
> malware.hash.cymru.com with a http request but
> I can't find any function for this. I could make my own
> script and activate it with piped_exec, but would I be
> able to read the scripts stdout ?
A small modification from our test suite...
(more generally take a look at scripts/base/utils/active-http.bro)
@load base/utils/active-http
event bro_init()
{
local req = ActiveHTTP::Request($url="http://google.com");
when ( local resp = ActiveHTTP::request(req) )
{
print resp;
}
timeout 1min
{
print "HTTP request timeout";
}
}
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140514/b7a4133e/attachment.bin
More information about the Bro
mailing list