[Bro] HTTP plus Compression File Extraction
anthony kasza
anthony.kasza at gmail.com
Mon Apr 27 10:57:57 PDT 2015
Nevermind! I was looking at corrupted gzip content being transmitted over
HTTP with gzip encoding. The HTTP encoding is handled properly by Bro. My
content was the issue.
-AK
On Apr 25, 2015 10:08 PM, "Seth Hall" <seth at icir.org> wrote:
>
> > On Apr 26, 2015, at 12:54 AM, anthony kasza <anthony.kasza at gmail.com>
> wrote:
> >
> > It's absolutely the most sane case. As usual I have a specific use case
> in mind. When the gzip contents are corrupted I'd like to attempt to
> recover portions of whatever was transferred. I'll try to find an example
> trace...
>
> I may have just fixed the problem recently that you’re seeing. There is
> an issue where some web servers don’t set all of the deflate headers
> correctly and Bro has never dealt with this right, but I fixed it recently,
> I just have to find where I put it, I don’t think I ever pushed it out to
> git.
>
> Does this sound like the problem you’re seeing?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150427/b97bd0f4/attachment.html
More information about the Bro
mailing list