[Snort-users] Re:Extracting URLS from snort logs

S. sleepy at ...7582...
Wed Jan 1 14:24:39 EST 2003


I havent written such a thing, the closest thing I wrote was using libipq on linux to process packets in user space, I programmed it to block http traffic that doesnt have a GET or post REQUEST, although this is easily worked around, it was just done for demonstration for a company I worked for. unfortunately I did not keep the code .anyway, I am working on ACID-XML for unix, and the xml parsing is done, including the packet payload so you might find this useful when I release it.

Good luck to you

  ----- Original Message ----- 
  From: Mahdi Kefaiati 
  To: S. 
  Cc: Snort Users 
  Sent: Tuesday, December 31, 2002 9:36 PM
  Subject: Re: [Snort-users] Re:Extracting URLS from snort logs

  In the Name of the Dearest

  Hi My Friend;

  I'm completely aware of all you said and I know how to program to gain what I want. The thing I wanted to know is that any body here knows, or has written such a handy script that makes all the things go well. I'm not going to invent the wheel for the second time ;).Please tell me if you or any of your friends know about such a program or script.


  Mahdi Kefayati

  Do you Yahoo!?
  Yahoo! Mail Plus - Powerful. Affordable. Sign up now
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030101/fc2430a8/attachment.html>

More information about the Snort-users mailing list