[Bro] Parsing HTTP Traffic

anthony kasza anthony.kasza at gmail.com
Fri Oct 24 10:39:58 PDT 2014


You'll have to reconstruct HTTP bodies and parse the JSON. There are a few
scripts that do the body reconstruction floating around GitHub.

-AK
On Oct 24, 2014 9:08 AM, "Jamie Gausemel" <jamie.gausemel at gmail.com> wrote:

> Could someone point me in the right direction... I simply need to parse
> out usernames from HTTP packets that look like:
>
> HTTP/1.1 200 OK
> Server: nginx/1.4.2
> Date: Wed, 22 Oct 2014 14:58:11 GMT
> Content-Type: application/json; charset=UTF-8
> Content-Length: 104
> Connection: keep-alive
> Set-Cookie: si=xxxxx; Max-Age=7199; Path=/; expires=Wed, 22-Oct-2014
> 16:58:11 GMT; HttpOnly
>
> {"username": "first.last", "name": "first last", "groups": ["group name
> goes here"]}
>
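
Added example, not part of the original thread and not taken from Bro or the scripts mentioned: a Python sketch of the two steps in the reply, buffering the response until Content-Length bytes of body have arrived and only then parsing the JSON. The sample response is constructed, modeled on the one in the question, and `ResponseReassembler` and `extract_username` are hypothetical names.

```python
import json

# Constructed sample modeled on the response in the question, split into three
# arbitrary chunks (mid-header and mid-body) the way a sensor sees TCP payload.
BODY = b'{"username": "first.last", "name": "first last", "groups": ["group name goes here"]}'
HEAD = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.4.2\r\n"
        b"Content-Type: application/json; charset=UTF-8\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\nConnection: keep-alive\r\n\r\n")
RAW = HEAD + BODY
CHUNKS = [RAW[:60], RAW[60:len(HEAD) + 20], RAW[len(HEAD) + 20:]]


class ResponseReassembler:
    """Buffers one HTTP response and returns its JSON body once complete."""
    MAX_BUF = 1 << 20  # refuse to buffer more than 1 MiB per response

    def __init__(self):
        self.buf = b""

    def feed(self, data):
        """Add payload bytes; return the parsed JSON value, or None if not ready."""
        if len(self.buf) + len(data) > self.MAX_BUF:
            return None  # oversized response: stop buffering
        self.buf += data
        head, sep, body = self.buf.partition(b"\r\n\r\n")
        if not sep:
            return None  # headers still incomplete
        headers = {}
        for line in head.split(b"\r\n")[1:]:  # skip the status line
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        if not headers.get(b"content-type", b"").lower().startswith(b"application/json"):
            return None
        try:
            length = int(headers.get(b"content-length", b""))
        except ValueError:
            return None  # chunked or unknown length: not handled in this sketch
        if len(body) < length:
            return None  # body not fully seen yet
        try:
            return json.loads(body[:length].decode("utf-8"))
        except ValueError:  # covers invalid UTF-8 and invalid JSON
            return None


def extract_username(chunks):
    """Feed chunks in order; return the username string once the body parses."""
    reassembler = ResponseReassembler()
    for chunk in chunks:
        obj = reassembler.feed(chunk)
        if isinstance(obj, dict) and isinstance(obj.get("username"), str):
            return obj["username"]
    return None
```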