Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Update the SOCKS analyzer to support user/pass login.

Browse source 
- This addresses BIT-1011
 - Add a new field to socks.log; "password".
 - Two new events; socks_login_userpass and socks_login_reply.
 - One new weird for unsupported authentication method.
 - A new test for authenticated socks traffic.
 - Credit to Nicolas Retrain for the initial patch.  Thanks!
This commit is contained in:
Seth Hall 2015-02-05 12:44:10 -05:00
parent 565ad360c6
commit 9592f64225
11 changed files with 162 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

5
testing/btest/scripts/base/protocols/socks/socks-auth.bro Normal file
View file

@ -0,0 +1,5 @@
# @TEST-EXEC: bro -r $TRACES/socks-auth.pcap %INPUT
# @TEST-EXEC: btest-diff socks.log
# @TEST-EXEC: btest-diff tunnel.log
@load base/protocols/socks