[Zeek] Raw HTTP Headers
Andrew Klaus
andrew at aklaus.ca
Tue Aug 27 19:01:52 PDT 2019
Thanks Seth!
I was hoping to have a new Zeek script written for the Zeek contest, but it
doesn't look like modules that need source code modifications will be
considered.
Andrew
On Tue, Aug 27, 2019 at 7:02 PM Seth Hall <seth at corelight.com> wrote:
> I believe that this isn't available since (as your already discovered),
> the analyzer strips whitespace. The only option would be to modify the
> analyzer or write a new one.
>
> .Seth
>
> On 25 Aug 2019, at 0:32, Andrew Klaus wrote:
>
> > Hello,
> >
> > I'd like to write a script for HTTP requests, but I need the raw and
> > untruncated headers to do this. I can't seem to find an event that
> > will
> > give me this data to work with. I've looked at http_all_headers and
> > http_header, but they still strip whitespace.
> >
> > Is there any (current) way of doing this? It'd be nice to be able to
> > do
> > this without having to modify the analyzer.
> >
> > Thanks!
> > Andrew
> > _______________________________________________
> > Zeek mailing list
> > zeek at zeek.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190827/56971b3a/attachment.html
More information about the Zeek
mailing list