[Snort-users] Snort URL logging

ALMEIDA Antonio Jose ajalmeida at ...7993...
Tue Jan 14 11:20:08 EST 2003


In my case it's not a waste of time, maybe it's a chalenge. I want to dump
all urls from one host with trinux. I want to send the urls by syslog to
another server. The new urlsnarf version could do that but the one with
trinux doesn't supports filters.

-----Original Message-----
From: Erek Adams [mailto:erek at ...950...]
Sent: terça-feira, 14 de Janeiro de 2003 14:30
To: ALMEIDA Antonio Jose
Cc: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Snort URL logging


On Tue, 14 Jan 2003, ALMEIDA Antonio Jose wrote:

> But with urlsnarf i can't filter the source ip, and i really need that.
It's
> impossible to do this with Snort?

Impossible?  No.  Waste of time?  Yes.

Use Snort or Tcpdump to snag all traffic, and use a BPF filter to exclude
what you want.  Then replay that file into urlsnarf.

And just a handy little tip:  Never ask your boss why he was surfing
http://www.flashyourrack.com/ .  That would be a careerlimiting move.  ;-)

-----
Erek Adams

   "When things get weird, the wierd turn pro."   H.S. Thompson




More information about the Snort-users mailing list