[Snort-users] Issue while detecting patterns in a simple HTTP Page [Web client based]

Sujit Ghosal thesujit at ...11827...
Sun Nov 21 13:59:23 EST 2010


Hey Guys,
    I have installed Snort v2.8.x in FC-13//Ubuntu v10.10 and everything got
installed/configured (installed through Redhat Package Manager//Synaptic
Package Manager) successfully. But while writing a rule to detect a simple
pattern inside HTML body, snort is failing to do so! If I check for the HTTP
MIME headers only i.e. "Content-Type:", "Via:" etc. then snort detects those
patterns flawlessly. Even I wrote a simple rule to detect GET requests over
$HTTP_PORTS and its working fine.

But while it comes to check for the contents inside the HTML body (client
side web pages) entity then snort is not even detecting a single <html> tag.
I guess, its an issue with any preprocessors, but I have no idea that which
preprocessor could be creating such issues.

I am fully stuck in that place and not able to figure out that how I should
fix this silly problem.

Please help. Any help would be more appreciated.

Thanks,
Sujit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101122/be72c68b/attachment.html>


More information about the Snort-users mailing list