Snort mailing list archives

Re: base64 for http_inspect


From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Mon, 2 Aug 2010 10:21:43 -0400

Base64 decoding for HTTP is implemented using the rule options base64_decode
and base64_data (Please refer to the snort manual for more information).

We will update the README.http_inspect and remove the following obsolete
documentation.

-B

On Fri, Jul 30, 2010 at 3:41 PM, Paul Schmehl <pschmehl_lists () tx rr com> wrote:

Would someone please explain this statement in the README.http_inspect doc
for snort 2.8.6.1?

--Options Available Under Stateful Inspection--

* base64 [yes/no] *

Enables base64 decoding of certain fields where stateful inspection
determines that base64 encoding is present.

I've tried the following:

Adding base64 yes to the global config - fails
Adding base64 yes to a server profile - fails
Adding a separate line as follows:
preprocessor http_inspect: stateful inspection base64 yes - fails

How do you implement base64 decoding for http_inspect?

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson



------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
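
Added example, not part of the original thread and not Sourcefire's own rules: two constructed rules showing how the base64_decode and base64_data rule options named in the reply are used in place of an http_inspect setting. The account name "admin", the messages and the sids (local range) are assumptions; the option syntax follows the Snort manual's description and should be checked against the manual for the version in use.

```snort
# Constructed example rules. $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are
# the usual snort.conf variables; sids are taken from the local range.

# 1. HTTP Basic credentials for the (constructed) account "admin".
#    base64_decode:relative starts decoding right after the preceding
#    content match; base64_data moves the detection cursor to the start
#    of the decoded buffer, so the next content is matched against the
#    decoded "user:password" string rather than the encoded bytes.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS \
    (msg:"LOCAL HTTP Basic auth presented for user admin"; \
    flow:to_server,established; \
    content:"Authorization: Basic "; nocase; \
    base64_decode:relative; base64_data; \
    content:"admin:"; within:6; \
    classtype:policy-violation; sid:1000001; rev:1;)

# 2. NTLM over HTTP. "offset 6, relative" skips " NTLM " after the header
#    name, and "bytes 12" limits decoding to the first 12 encoded bytes,
#    enough to expose the "NTLMSSP" signature at the start of the message.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS \
    (msg:"LOCAL HTTP NTLM authentication message"; \
    flow:to_server,established; \
    content:"Authorization:"; http_header; \
    base64_decode:bytes 12, offset 6, relative; base64_data; \
    content:"NTLMSSP"; within:8; \
    classtype:policy-violation; sid:1000002; rev:1;)
```

If base64_decode fails to decode anything, the rule does not match, so these rules stay silent on headers that are not valid base64.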
