[Snort-sigs] Need help with Snort Rule for a HTTP GET parameter and pattern matching.
sabawoon.majeedzada at ...2420...
Thu Jul 31 08:46:58 EDT 2014
I would appreciate if anyone can help me out with my snort rule.
I would like generate a snort rule that can detected a HTTP get paramter.
alert tcp any any -> any 80 (msg:"HTTP GET paramater"; content:"GET";
Right now when I type in http://www.example.com/index.php?action=login I do
not get a alert generated using the rule above.
Or how to detect if GET HTTP method with a specific parameter been used or
passed a value.
Secondly, how to write a simple pattern that can detect a specific string
or number pattern has been passed to this GET parameter. Just a example
pattern guidance would be nice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs