[Bro] Bro Script to detect plain text passwords?

[Jeff Hammett]

I recently demo’d Tenable’s Passive Vulnerability Scanner, but found that it wasn’t a good fit for my environment. However it did have one nice feature I liked, the ability to detect passwords sent in plain text.

Does Bro have this functionality? Or would it be feasible to write a script to do so? (I haven’t written any scripts yet, but am interested).

I think I would be most interested in detecting plain text passwords used for http logins, but wouldn’t mind monitoring for other protocols as well.

Jeff