mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
Fix HTTP evasion
- Happen when there is no CRLF at the end of HTTP
- Fix by adding CRLF when packet is complete (in relation to content-length in header)
This commit is contained in:
jerome Grandvalet
parent
9383c926ad
commit
8cabecec40
8 changed files with 74 additions and 0 deletions
10
testing/btest/scripts/base/protocols/http/http-no-crlf.zeek
Normal file
10
testing/btest/scripts/base/protocols/http/http-no-crlf.zeek
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# This tests that the HTTP analyzer handles HTTP with no CRLF at end correctly.
|
||||
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/http/no_crlf.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
# @TEST-EXEC: btest-diff http.log
|
||||
# @TEST-EXEC: test ! -f weird.log
|
||||
|
||||
@load base/protocols/conn
|
||||
@load base/protocols/http
|
||||
@load base/frameworks/dpd
|
||||
Loading…
Add table
Add a link
Reference in a new issue