Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/Traces/http
History
Exact
Arne Welzel 377fd711bd HTTP: Implement FlipRoles() 
When Zeek flips roles of a HTTP connection subsequent to the HTTP analyzer
being attached, that analyzer would not update its own ContentLine analyzer
state, resulting in the wrong ContentLine analyzer being switched into
plain delivery mode.

In debug builds, this would result in assertion failures, in production
builds, the HTTP analyzer would receive HTTP bodies as individual header
lines, or conversely, individual header lines would be delivered as a
large chunk from the ContentLine analyzer.

PCAPs were generated locally using tcprewrite to select well-known-http ports
for both endpoints, then editcap to drop the first SYN packet.

Kudos to @JordanBarnartt for keeping at it.

Closes #3789
2024-07-04 11:38:33 +02:00
..
100-continue.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_a.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_b.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
206_example_c.pcap FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
1000-requests-one-dropped-response.pcap.gz http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
basic-auth-with-extra-space.trace Merge branch 'master' of https://github.com/progmboy/zeek 2023-06-27 18:21:34 +02:00
bro.org-filtered.pcap Add script to detect filtered TCP traces, addresses BIT-1119. 2014-01-31 17:04:58 -06:00
bro.org.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
byteranges.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
concurrent-range-requests-complete.pcap frameworks/notice: Handle fa_file with no or more than a single connection better 2022-12-06 11:17:30 +01:00
concurrent-range-requests.pcap files.log: Unroll and introduce uid and id fields 2022-08-16 17:22:20 +02:00
connect-with-header.trace Fix support for HTTP connect when server adds headers to response. 2015-10-23 13:10:33 -07:00
connect-with-smtp.trace HTTP CONNECT proxy support. 2014-02-12 22:38:59 -05:00
content-range-gap-skip.trace Fix incorrect data delivery skips after gap in HTTP Content-Range. 2014-09-11 14:53:47 -05:00
content-range-gap.trace Fix file analysis placement of data after gap in HTTP Content-Range. 2014-09-11 12:25:43 -05:00
content-range-less-than-len.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
curl_http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
deeply-nested-mime.pcap MIME: Cap nested MIME analysis depth to 100 2024-01-17 10:18:13 -07:00
entity_gap.trace Raise http_entity_data in line with data arrival. 2014-09-10 13:20:47 -05:00
entity_gap2.trace Fix issue w/ TCP reassembler not delivering some segments. 2014-09-11 10:47:56 -05:00
fake-content-length.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
flash-version.trace Adding tests for Flash version parsing and plugin detection. 2015-07-30 07:23:14 -07:00
get-gzip.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
get_nosyn.trace Initial implementation of Lower-Level analyzers 2020-09-23 11:13:25 -07:00
http-09-content-length-confusion.pcap HTTP: Reset reply_message for HTTP/0.9 2023-03-13 14:13:50 +01:00
http-11-request-then-cruft.pcap testing/http: http-11-request-then-cruft 2023-01-26 19:59:39 +01:00
http-bad-content-range-01.pcap HTTP: Make Content-Range parsing more robust 2023-03-13 18:00:39 +01:00
http-bad-request-with-version.trace updated weird message and tests 2016-03-04 18:03:24 -05:00
http-body-match.pcap Test how the signature framework matches HTTP body 2023-11-03 15:28:15 +01:00
http-desync-request-response-5.pcap http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
http-filename.pcap Additional test specifically for the HTTP filename handling. 2016-06-15 01:56:07 -04:00
http-large-gap.pcap Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
http-post-large.pcap Add speculative service script. 2019-08-29 11:47:04 +02:00
http_09.pcap http: Heuristic around rejecting malformed HTTP/0.9 traffic 2022-11-18 18:19:58 +01:00
http_large_req_8001.pcap Change HTTP's DPD signatures so that each side can trigger the analyzer on its own. 2020-09-08 07:33:36 +00:00
interleaved-http-entity.pcap http: Prevent script errors when http$current_entity is not set 2022-09-26 10:18:24 +02:00
iso-download.pcap.gz signatures: Fix ISO 9960 signature 2024-02-22 12:37:40 +01:00
methods.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
missing-zlib-header.pcap Fixes an issue with missing zlib headers on deflated HTTP content. 2015-05-18 14:30:32 -04:00
multipart-form-data.pcap GH-1100: Fix reported body-length of HTTP messages w/ sub-entities 2020-08-04 14:21:03 -07:00
multipart.trace Fix HTTP multipart body file analysis. 2013-05-21 15:35:22 -05:00
no-uri.pcap GH-977: Improve pcap error handling 2020-06-08 18:11:58 -07:00
no-version.pcap Tweaking how HTTP requests without URIs are handled. 2016-01-15 12:59:11 -08:00
no_crlf.pcap Fix HTTP evasion 2021-07-23 09:28:29 +02:00
percent-end-of-line.pcap Better handling of % at end of line. 2017-07-27 22:04:47 -07:00
pipelined-requests.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
post.trace FileAnalysis: add unit tests covering current protocol integration. 2013-03-19 15:50:05 -05:00
proxy.pcap Add unit tests for new Bro Manual docs. 2014-01-21 16:01:55 -06:00
putty-upload.pcap intel/seen/file-names: Use file_over_new_connection() 2023-01-10 10:10:28 +01:00
version-mismatch.pcap testing/http: Add pcap extracted from m5-long external test-suite 2023-01-26 19:59:39 +01:00
vnd.ms-cab-compressed-multi-conn.pcap test-all-policy: Do not load iso-9660.zeek 2024-02-26 17:58:26 +01:00
websocket.pcap HTTP: Recognize and skip upgrade/websocket connections. 2017-08-04 07:04:28 -07:00
x-gzip.pcap BIT-1926: add unit tests for misc. HTTP patches 2018-05-08 15:39:27 -05:00
zeek-image-1080-80-x.pcap HTTP: Implement FlipRoles() 2024-07-04 11:38:33 +02:00
zeek-image-post-1080-8000-x.pcap HTTP: Implement FlipRoles() 2024-07-04 11:38:33 +02:00
zero-length-bodies-with-drops.pcap Fix an issue with packet loss in http file reporting. 2015-04-08 13:39:42 -04:00