[Bro] Bro sqli + xss sans paper

Alex Kefallonitis al.kefallonitis at gmail.com
Wed May 31 01:56:55 PDT 2017


Anyone knows how to change it? Thanks in advanced

2017-05-30 19:48 GMT+03:00 Johanna Amann <johanna at icir.org>:

> Sorry for the slow reply, I hope that this is still useful after this
> while.
>
> In any case, http$first_chunk was removed in Bro 2.2; the script needs to
> be rewritten with the new http events.
>
> Johanna
>
> On Tue, Apr 11, 2017 at 02:10:08PM +0300, Alex Kefallonitis wrote:
> > I am trying to add the two scripts for sqli and xss from this paper
> > https://www.sans.org/reading-room/whitepapers/detection/
> web-application-attack-analysis-bro-ids-34042
> >
> > but i get this error HTTP::c$http$first_chunk no such a field in
> record...
> > Anyone knows what is happening?
> >
> >
> > Thanks in advanced.
>
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170531/99b10a6b/attachment.html 


More information about the Bro mailing list