Snort mailing list archives
Re: Help needed writing GET requests
From: "lists () packetmail net" <lists () packetmail net>
Date: Mon, 14 Jul 2014 13:57:49 -0500
Describe, specifically, what you want to match on and I can help. Otherwise your question is too generic to offer any assistance outside of:

alert tcp any any -> any any (msg:"GET to some content"; flow:established,to_server; content:"GET"; http_method; content:"some content"; pcre:"/some pattern/"; ...

Cheers,
Nathan

On 07/14/2014 01:52 PM, Sabawoon Mageedzada wrote:
Hello Everyone,

I would appreciate it if someone could help me with writing a rule that helps me detect GET requests to a web application. I am a newbie and I have tried some rules which did not work.

The next step: There will be multiple GET requests to a web application, and a dynamic rule that can detect a specific pattern inside the GET request would also help me. These are GET requests that are suspicious to the web application and they are crafted to attack the web application. What type of attack is this kind of scenario?

Also, what output module should I use for my alerts to be human readable? unified2 and fast are all binary; I would like to have better alert files that would help me read the alert files in the /logs directory. I am using Snort version 2.9.3.

Thanks,
SF
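A filled-in version of the rule skeleton from the reply above, as an added example that is not part of the original thread. The path /item.php, the id parameter, the pcre pattern, the msg text and the sid are constructed placeholders; $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are the stock snort.conf variables.

```snort
# local.rules (added example; path, parameter, pattern and sid are constructed)
#
# Alert on a GET request for /item.php whose "id" query parameter carries a
# single quote or a UNION SELECT sequence.
#   http_method  restricts content:"GET" to the HTTP method buffer
#   http_uri     restricts the path match to the normalized URI buffer
#   pcre /U      evaluates the regex against the normalized URI, so %27 is
#                already decoded to ' when the pattern runs
#   pcre /i      makes the regex case-insensitive
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ( \
    msg:"LOCAL suspicious id parameter in GET to /item.php"; \
    flow:established,to_server; \
    content:"GET"; http_method; \
    content:"/item.php"; http_uri; nocase; \
    pcre:"/[?&]id=[^&]*(\x27|union\s+select)/Ui"; \
    classtype:web-application-attack; \
    sid:1000001; rev:1;)

# snort.conf: one-line plain-text alerts written to alert.fast in the log directory
# output alert_fast: alert.fast
```

The fixed content matches come before the pcre so that the regex only runs on requests that already matched the method and path.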