[ https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jon Siwek updated BIT-647: -------------------------- Fix Version/s: (was: 2.4) > Extend HTTP analyzer to support multiply encoded content. > --------------------------------------------------------- > > Key: BIT-647 > URL: https://bro-tracker.atlassian.net/browse/BIT-647 > Project: Bro Issue Tracker > Issue Type: Problem > Components: Bro > Reporter: Seth Hall > Attachments: http-sdch-gzip.trace > > > When Chrome and other SDCH supporting http clients request content from SDCH > compatible HTTP servers the response includes a header that looks like this: > {noformat} > Content-Encoding: sdch,gzip > {noformat} > Bro's HTTP analyzer doesn't currently do substring matches on the > content-encoding header so the resulting sdch/gzip content is identified as > gzip only. Two things need to happen here: > 1. Support substring matches on the content-encoding header to identify > that the content is gzip encoded. > 2. Support some notion of the SDCH protocol. > I think that point 1 should be done for the 2.0 release but point 2 can wait > until later when we have a better notion of what SDCH support would entail. -- This message was sent by Atlassian JIRA (v6.4-OD-15-055#64014) _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev