[Bro] Parsing HTTP Traffic
Nicholas Weaver
nweaver at ICSI.Berkeley.EDU
Fri Oct 24 10:46:30 PDT 2014
> On Oct 24, 2014, at 10:39 AM, anthony kasza <anthony.kasza at gmail.com> wrote:
>
> You'll have to reconstruct HTTP bodies and parse the json. There are a few scripts that do the body reconstruction floating around github.
>
> -AK
The other option if things are always the same is to just use a couple of regular expressions to indicate where the data should be.
--
Nicholas Weaver                  it is a tale, told by an idiot,
nweaver at icsi.berkeley.edu     full of sound and fury,
510-666-2903                     .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
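
The two options discussed in this thread, compared in an added example that is not part of the original messages and is not Bro code: a Python sketch running a fixed regular expression over raw body chunks, then reassembling the body and parsing the JSON. The body, the field names, the chunk split and the size cap are all constructed for illustration.

```python
import json
import re

# Constructed sample: one JSON HTTP body. Field names are hypothetical.
# The token value contains an escaped quote: ab"cd
BODY = b'{"user": "alice", "token": "ab\\"cd", "action": "login"}'

# Constructed split: the body arrives in two chunks, cut inside the key name,
# the way a per-chunk body-data handler could see it.
SPLIT = BODY.index(b"token") + 2
CHUNKS = [BODY[:SPLIT], BODY[SPLIT:]]

# Regex option: cheap, but assumes a fixed key, fixed layout and no escapes.
TOKEN_RE = re.compile(rb'"token":\s*"([^"]*)"')


def regex_extract(data):
    """Return the token value matched in one buffer, or None."""
    m = TOKEN_RE.search(data)
    return m.group(1).decode() if m else None


def reassemble_and_parse(chunks, max_len=1 << 20):
    """Concatenate body chunks (bounded) and parse as JSON; None on failure."""
    buf = bytearray()
    for chunk in chunks:
        if len(buf) + len(chunk) > max_len:  # cap memory held per body
            return None
        buf += chunk
    try:
        return json.loads(buf.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and json.JSONDecodeError
        return None


if __name__ == "__main__":
    # Per-chunk regex misses the field entirely when the key straddles chunks.
    print("regex per chunk:", [regex_extract(c) for c in CHUNKS])
    # On the whole body the regex matches but truncates at the escaped quote.
    print("regex on full body:", repr(regex_extract(BODY)))
    # Reassembly plus a real JSON parser recovers the full value.
    print("parsed:", repr(reassemble_and_parse(CHUNKS)["token"]))
```

The regex route holds only under the "things are always the same" condition: once a field can straddle chunks or contain escaped characters, it silently returns nothing or a truncated value.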