[Snort-users] extracting urls from the alerts
gyoo at ...4371...
Tue Dec 17 13:51:04 EST 2002
you can read from captured files dsniff <syntax> r|w /filename/
Shane Williams wrote:
> The dsniff set of tools contains a program called urlsnarf that pulls
> out HTTP requests in a style similar to the combined apache access
> logs. I don't think it will read from capture files, though, so
> you'll have to have it running alongside snort.
> On Sat, 14 Dec 2002, Mahdi Kefaiati wrote:
>>In the Name of the Dearest
>>I wonder how can I extract URL's from alerts; special
>>intrest is urls which triggered porn rules. I want to
>>have the list in a readable format, i.e. a text file
>>which is the list of the noted URL's.
"they call me the worm..."
More information about the Snort-users