[Bro] Bro signature for detecting iframes
Seth Hall
seth at icir.org
Thu Jan 14 06:11:04 PST 2016
> On Jan 13, 2016, at 1:53 PM, Josh Guild <josh.guild at morphick.com> wrote:
>
> Cool. Doing that for every site just to run a script against sounds like it would melt the box. Ah well, back to the drawing board.
Yeah, it’s one of the general problems with doing parsing of HTML, etc. is that it’s way too easy to melt the box. :) Some of it can be done but it needs to be done in very particular ways. You generally don’t get the opportunity to just blindly load an entire HTML document into memory and parse it into a DOM (unfortunately, because that would be awesome if it was reasonable!).
There is some very early that has been done that lets you parse out various bits from files. For example, I have a script that uses that functionality to parse titles out of webpages and add it to the http log. It does need some more work though, there are some functionality and behavior issues that need corrected.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list