[Bro] ActiveHTTP
Dave Crawford
bro at pingtrip.com
Sat Jan 28 11:53:45 PST 2017
Interestingly your test script works as expected when run as:
bro b.bro
But if I pass it a PCAP it exhibits the same condition where the when loop isn’t entered:
bro -r test.pcap b.bro
This is the test PCAP I was testing with:
https://github.com/LiamRandall/BroTraining-Montreal/raw/master/signature-framework/1-mswab_yayih/Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap
-Dave
> On Jan 28, 2017, at 2:39 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>
>
>> On Jan 28, 2017, at 2:32 PM, Dave Crawford <bro at pingtrip.com> wrote:
>>
>> Hi Justin,
>>
>> I responded with a follow-up to my original email and temp files are there because I have ‘exit_only_after_terminate’ set to true, so it pauses until I ctrl-c and the tmp files are then deleted.
>>
>> -Dave
>
> No, the files are there because something went wrong along the way. Is bro writing out a reporter.log?
>
> The code normally works fine; something is broken in your environment.
>
> $ cat b.bro
> redef exit_only_after_terminate=T;
> when ( local resp = ActiveHTTP::request([$url="https://www.google.com/"]) )
> {
>     print resp;
>     terminate();
> }
> $ bro --version
> bro version 2.5
> $ bro b.bro
> [code=200, msg=OK\x0d, body=<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en">
>
>
> --
> - Justin Azoff
>