[Snort-users] extracting urls from the alerts

Shane Williams shanew at ...5387...
Tue Dec 17 07:53:10 EST 2002


The dsniff set of tools contains a program called urlsnarf that pulls
out HTTP requests in a style similar to the combined apache access
logs.  I don't think it will read from capture files, though, so
you'll have to have it running alongside snort.

On Sat, 14 Dec 2002, Mahdi Kefaiati wrote:

> In the Name of the Dearest
> Hi there
> I wonder how can I extract URL's from alerts; special
> intrest is urls which triggered porn rules. I want to
> have the list in a readable format, i.e. a text file
> which is the list of the noted URL's.
> 
> regards
> Mahdi Kefayati

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                | Systems Administrator UT-GSLIS
=----------------------------------+-------------------------------
All syllogisms contain three lines |        shanew at ...6911...
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew






More information about the Snort-users mailing list