[Snort-users] extracting urls from the alerts

Gene gyoo at ...4371...
Tue Dec 17 13:51:04 EST 2002

you can read from captured files dsniff <syntax> r|w /filename/

Shane Williams wrote:
> The dsniff set of tools contains a program called urlsnarf that pulls
> out HTTP requests in a style similar to the combined apache access
> logs.  I don't think it will read from capture files, though, so
> you'll have to have it running alongside snort.
> On Sat, 14 Dec 2002, Mahdi Kefaiati wrote:
>>In the Name of the Dearest
>>Hi there
>>I wonder how can I extract URL's from alerts; special
>>intrest is urls which triggered porn rules. I want to
>>have the list in a readable format, i.e. a text file
>>which is the list of the noted URL's.
>>Mahdi Kefayati

"they call me the worm..."

More information about the Snort-users mailing list