Re: Issue while detecting patterns in a simple HTTP Page [Web client based]

[waldo kitty <wkitty42 () windstream net>]

On 11/21/2010 13:59, Sujit Ghosal wrote:
> Hey Guys,
>      I have installed Snort v2.8.x in FC-13//Ubuntu v10.10 and everything got
> installed/configured (installed through Redhat Package Manager//Synaptic Package
> Manager) successfully. But while writing a rule to detect a simple pattern
> inside HTML body, snort is failing to do so! If I check for the HTTP MIME
> headers only i.e. "Content-Type:", "Via:" etc. then snort detects those patterns
> flawlessly. Even I wrote a simple rule to detect GET requests over $HTTP_PORTS
> and its working fine.

can you post the rule that you have that is not working??

> But while it comes to check for the contents inside the HTML body (client side
> web pages) entity then snort is not even detecting a single <html> tag. I guess,
> its an issue with any preprocessors, but I have no idea that which preprocessor
> could be creating such issues.

we might need to see your snort.conf file, too... but let's look at your rule 
first ;)

> I am fully stuck in that place and not able to figure out that how I should fix
> this silly problem.
>
> Please help. Any help would be more appreciated.

we will do what we can :)

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users