Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Improve tracking of HTTP file extraction (addresses #988).

Browse source 
http.log now has files taken from request and response bodies in
different fields for each, and can now track multiple files per body.
That is, the "extraction_file" field is now "extracted_request_files"
and "extracted_response_files".
This commit is contained in:
Jon Siwek 2013-05-21 16:42:35 -05:00
parent 3cbef60f57
commit 705a84d688
24 changed files with 235 additions and 174 deletions
Download patch file Download diff file Expand all files Collapse all files

8
testing/btest/scripts/base/protocols/http/multipart-extract.bro Normal file
View file

@ -0,0 +1,8 @@
# @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: btest-diff http-item-TJdltRTxco1.dat
# @TEST-EXEC: btest-diff http-item-QJO04kPdawk.dat
# @TEST-EXEC: btest-diff http-item-dDH5dHdsRH4.dat
# @TEST-EXEC: btest-diff http-item-TaUJcEIboHh.dat
redef HTTP::extract_file_types += /.*/;