Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

http: fix password capture when enabled

Browse source 
The current implementation would only log, if the password contains a
colon, the part before the first colon (e.g., the password
`password:password` would be logged as `password`).

A test has been added to confirm the expected behaviour.
This commit is contained in:
Pierre Lalet 2024-08-28 21:44:39 +02:00
parent 79ebce6e3c
commit 88368ae856
4 changed files with 21 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/http/main.zeek
View file

@ -338,8 +338,8 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
if ( /^[bB][aA][sS][iI][cC] / in value )
{
local userpass = decode_base64_conn(c$id, sub(value, /[bB][aA][sS][iI][cC][[:blank:]]+/, ""));
local up = split_string(userpass, /:/);
if ( |up| >= 2 )
local up = split_string1(userpass, /:/);
if ( |up| == 2 )
{
c$http$username = up[0];
if ( c$http$capture_password )