[Snort-sigs] Possible to develop rules which will tamper http headers with Snort?

benoni.martin at ...406... benoni.martin at ...406...
Mon Apr 22 06:38:07 EDT 2002


Hi, community !
I would like to know if there is a way or not to catch information
(requested URL, IP adress source, IP adress destination, browser used,..and
login). For the 3 first things, no problem, but I was wondering if Snort
language allows grasping in clear text (not in Base 64) the login of
company's users, and allows as well to display the browser used?
Dsniif seems good, but I would need to set up a tool to filter, log, and
bring up that to an interface...
As SnortSnarf is beautiful :), it would be good to know if Snort itself
allows to grasp the above information...
Thaks in advance!



*************************************************************************
Ce message et toutes les pieces jointes (ci-apres le "message") sont
confidentiels et etablis a l'intention exclusive de ses destinataires.
Toute utilisation ou diffusion non autorisee est interdite. 
Tout message electronique est susceptible d'alteration. 
La SOCIETE GENERALE et ses filiales declinent toute responsabilite au 
titre de ce message s'il a ete altere, deforme ou falsifie.
				********
This message and any attachments (the "message") are confidential and
intended solely for the addressees.
Any unauthorised use or dissemination is prohibited. 
E-mails are susceptible to alteration.   
Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates 
shall be liable for the message if altered, changed or falsified. 

*************************************************************************





More information about the Snort-sigs mailing list