[Snort-users] Issue while detecting patterns in a simple HTTP Page [Web client based]

waldo kitty wkitty42 at ...14940...
Sun Nov 21 20:13:57 EST 2010


On 11/21/2010 13:59, Sujit Ghosal wrote:
> Hey Guys,
>      I have installed Snort v2.8.x in FC-13//Ubuntu v10.10 and everything got
> installed/configured (installed through Redhat Package Manager//Synaptic Package
> Manager) successfully. But while writing a rule to detect a simple pattern
> inside HTML body, snort is failing to do so! If I check for the HTTP MIME
> headers only i.e. "Content-Type:", "Via:" etc. then snort detects those patterns
> flawlessly. Even I wrote a simple rule to detect GET requests over $HTTP_PORTS
> and it's working fine.

can you post the rule that you have that is not working??

> But when it comes to checking for the contents inside the HTML body (client side
> web pages) entity then snort is not even detecting a single <html> tag. I guess
> it's an issue with any preprocessors, but I have no idea which preprocessor
> could be creating such issues.

we might need to see your snort.conf file, too... but let's look at your rule 
first ;)

> I am fully stuck in that place and not able to figure out how I should fix
> this silly problem.
>
> Please help. Any help would be more appreciated.

we will do what we can :)



