[Bro-Dev] [JIRA] (BIT-647) Extend HTTP analyzer to support multiply encoded content.
[ https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek reassigned BIT-647:

Assignee: (was: Jon Siwek)

Extend HTTP analyzer to support multiply encoded content.

Key: BIT-647
URL: https://bro-tracker.atlassian.net/browse/BIT-647
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Reporter: Seth Hall
Attachments: http-sdch-gzip.trace

When Chrome and other SDCH-supporting HTTP clients request content from SDCH-compatible HTTP servers, the response includes a header that looks like this:

{noformat}
Content-Encoding: sdch,gzip
{noformat}

Bro's HTTP analyzer doesn't currently do substring matches on the content-encoding header so the resulting sdch/gzip content is identified as gzip only.

Two things need to happen here:

1. Support substring matches on the content-encoding header to identify that the content is gzip encoded.
2. Support some notion of the SDCH protocol.

I think that point 1 should be done for the 2.0 release but point 2 can wait until later when we have a better notion of what SDCH support would entail.

--
This message was sent by Atlassian JIRA (v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-647) Extend HTTP analyzer to support multiply encoded content.
[ https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek updated BIT-647:

Fix Version/s: (was: 2.4)

Extend HTTP analyzer to support multiply encoded content.

Key: BIT-647
URL: https://bro-tracker.atlassian.net/browse/BIT-647
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Reporter: Seth Hall
Attachments: http-sdch-gzip.trace

When Chrome and other SDCH-supporting HTTP clients request content from SDCH-compatible HTTP servers, the response includes a header that looks like this:

{noformat}
Content-Encoding: sdch,gzip
{noformat}

Bro's HTTP analyzer doesn't currently do substring matches on the content-encoding header so the resulting sdch/gzip content is identified as gzip only.

Two things need to happen here:

1. Support substring matches on the content-encoding header to identify that the content is gzip encoded.
2. Support some notion of the SDCH protocol.

I think that point 1 should be done for the 2.0 release but point 2 can wait until later when we have a better notion of what SDCH support would entail.
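
The header handling that point 1 of the report asks for, as an added Python example that is not Bro's code and not part of the original messages: the Content-Encoding value is treated as an ordered list of codings, the supported ones are undone from last-applied to first-applied, and any coding left undecoded (here sdch) is reported rather than dropped. The function names and the sample payload are hypothetical and constructed for illustration.

```python
import gzip
import zlib

# Decoders this sketch knows about (hypothetical table, not Bro's).
# sdch is deliberately absent: decoding it needs the negotiated dictionary.
DECODERS = {
    "gzip": gzip.decompress,
    "x-gzip": gzip.decompress,
    "deflate": zlib.decompress,
    "identity": lambda body: body,
}


def parse_content_encoding(value):
    """Split a Content-Encoding value into lowercase codings, in applied order."""
    return [tok.strip().lower() for tok in value.split(",") if tok.strip()]


def decode_body(header_value, body):
    """Undo codings from last-applied to first-applied.

    Returns (data, remaining): remaining lists the codings still applied to
    data, either because no decoder exists or because decoding failed.
    """
    codings = parse_content_encoding(header_value)
    while codings:
        decoder = DECODERS.get(codings[-1])
        if decoder is None:
            break  # e.g. sdch: stop and report instead of guessing
        try:
            body = decoder(body)
        except (OSError, EOFError, zlib.error):
            break  # body does not match the declared coding; keep it flagged
        codings.pop()
    return body, codings


if __name__ == "__main__":
    # Constructed sample: stand-in bytes for an SDCH-encoded payload, gzipped.
    inner = b"<constructed sdch payload>"
    data, remaining = decode_body("sdch,gzip", gzip.compress(inner))
    print(data, remaining)
```

A non-empty `remaining` list is the signal an analyzer can log so that a body it could not fully decode is not mistaken for inspected plaintext.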