[Bro] alternative for lookup_hostname_txt

Seth Hall seth at icir.org
Wed May 14 13:21:37 PDT 2014

On May 14, 2014, at 2:41 PM, daniel.guerra69 <daniel.guerra69 at gmail.com> wrote:

> I'm working with bro in an protected network where
> I can't do dns requests. I want to lookup malware with
> malware.hash.cymru.com with a http request but
> I can't find any function for this. I could make my own
> script and activate it with piped_exec, but would I be
> able to read the scripts stdout ?

A small modification from our test suite...  
(more generally take a look at scripts/base/utils/active-http.bro)

@load base/utils/active-http
event bro_init()
	local req = ActiveHTTP::Request($url="http://google.com");

	when ( local resp = ActiveHTTP::request(req) )
		print resp;
	timeout 1min
		print "HTTP request timeout";


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140514/b7a4133e/attachment.bin 

More information about the Bro mailing list