[Bro-Dev] [JIRA] (BIT-647) Extend HTTP analyzer to support multiply encoded content.

2015-03-17 Thread Jon Siwek (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek reassigned BIT-647:
-

Assignee: (was: Jon Siwek)

 Extend HTTP analyzer to support multiply encoded content.
 -

 Key: BIT-647
 URL: https://bro-tracker.atlassian.net/browse/BIT-647
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Seth Hall
 Attachments: http-sdch-gzip.trace


 When Chrome and other SDCH supporting http clients request content from SDCH 
 compatible HTTP servers the response includes a header that looks like this:
 {noformat}
 Content-Encoding: sdch,gzip
 {noformat}
 Bro's HTTP analyzer doesn't currently do substring matches on the 
 content-encoding header so the resulting sdch/gzip content is identified as 
 gzip only.  Two things need to happen here:
 1. Support substring matches on the content-encoding header to identify 
 that the content is gzip encoded.
 2. Support some notion of the SDCH protocol.
 I think that point 1 should be done for the 2.0 release  but point 2 can wait 
 until later when we have a better notion of what SDCH support would entail.



--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-647) Extend HTTP analyzer to support multiply encoded content.

2015-03-17 Thread Jon Siwek (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-647:
--
Fix Version/s: (was: 2.4)

 Extend HTTP analyzer to support multiply encoded content.
 -

 Key: BIT-647
 URL: https://bro-tracker.atlassian.net/browse/BIT-647
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Reporter: Seth Hall
 Attachments: http-sdch-gzip.trace


 When Chrome and other SDCH supporting http clients request content from SDCH 
 compatible HTTP servers the response includes a header that looks like this:
 {noformat}
 Content-Encoding: sdch,gzip
 {noformat}
 Bro's HTTP analyzer doesn't currently do substring matches on the 
 content-encoding header so the resulting sdch/gzip content is identified as 
 gzip only.  Two things need to happen here:
 1. Support substring matches on the content-encoding header to identify 
 that the content is gzip encoded.
 2. Support some notion of the SDCH protocol.
 I think that point 1 should be done for the 2.0 release  but point 2 can wait 
 until later when we have a better notion of what SDCH support would entail.



--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev