[Bro] Obtain a MD5 hash from a file in disk

Luis Martin Liras martin.liras at gmail.com
Wed May 11 02:03:41 PDT 2016


Hi there,

I need some help to obtain a MD5 hash of file. But not a file obtained 
from an HTTP stream. I have my own network payload I have written to disk:


                 f=open(payload_filename);
                 if (write_file(f, payload))
                 {
                         close(f);
                 }

in this case the file handler "f" is of type "file".


I tried adding it to an MD5 analyzer:

                         #Files::add_analyzer(f, Files::ANALYZER_MD5);

However this request needs a "fa_file" record, associated with a stream 
not a "file" handler...

Anyone can explain how can I obtain a MD5 hash from a file in disk?

Thank you!



More information about the Bro mailing list