[Snort-users] Snort URL logging
ALMEIDA Antonio Jose
ajalmeida at ...7993...
Tue Jan 14 11:20:08 EST 2003
In my case it's not a waste of time, maybe it's a chalenge. I want to dump
all urls from one host with trinux. I want to send the urls by syslog to
another server. The new urlsnarf version could do that but the one with
trinux doesn't supports filters.
From: Erek Adams [mailto:erek at ...950...]
Sent: terça-feira, 14 de Janeiro de 2003 14:30
To: ALMEIDA Antonio Jose
Cc: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Snort URL logging
On Tue, 14 Jan 2003, ALMEIDA Antonio Jose wrote:
> But with urlsnarf i can't filter the source ip, and i really need that.
> impossible to do this with Snort?
Impossible? No. Waste of time? Yes.
Use Snort or Tcpdump to snag all traffic, and use a BPF filter to exclude
what you want. Then replay that file into urlsnarf.
And just a handy little tip: Never ask your boss why he was surfing
http://www.flashyourrack.com/ . That would be a careerlimiting move. ;-)
"When things get weird, the wierd turn pro." H.S. Thompson
More information about the Snort-users