[Snort-devel] example of decoder and preprocessor rules

Al Lewis (allewi) allewi at ...3461...
Fri Aug 21 09:04:45 EDT 2015


The snort download has examples included. The example is also here: http://manual.snort.org/node40.html

Also… you should check out snort++ (Snort3), which has made it easier to make custom plugin modules.


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3461...

From: M. Ridwan Zalbina [mailto:zalbinaridwan at ...2499...]
Sent: Friday, August 21, 2015 12:48 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] example of decoder and preprocessor rules

Hello everyone,
I am doing research on a detection system based on Snort for detecting
web attacks (HTTP protocol) like XSS and injection (SQLi),
which combines the preprocessor and detection engine in Snort.

In the detection engine, I have already made it and use an approach using
regular expressions.
I want to make some rule or decision about packet anomalies in the http_inspect preprocessor.

I've already read about the example of DECODER AND PREPROCESSOR rules, and it just shows one example...


For that reason, does anybody have a suggestion about this, or has anyone made this before?


Sorry for my bad words..
M. Ridwan Zalbina

