[
https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Siwek updated BIT-647:
--------------------------
Fix Version/s: (was: 2.4)
> Extend HTTP analyzer to support multiply encoded content.
> ---------------------------------------------------------
>
> Key: BIT-647
> URL: https://bro-tracker.atlassian.net/browse/BIT-647
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Seth Hall
> Attachments: http-sdch-gzip.trace
>
>
> When Chrome and other SDCH supporting http clients request content from SDCH
> compatible HTTP servers the response includes a header that looks like this:
> {noformat}
> Content-Encoding: sdch,gzip
> {noformat}
> Bro's HTTP analyzer doesn't currently do substring matches on the
> content-encoding header so the resulting sdch/gzip content is identified as
> gzip only. Two things need to happen here:
> 1. Support substring matches on the content-encoding header to identify
> that the content is gzip encoded.
> 2. Support some notion of the SDCH protocol.
> I think that point 1 should be done for the 2.0 release but point 2 can wait
> until later when we have a better notion of what SDCH support would entail.
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
