Snort mailing list archives
some question about http inspector
From: 谁是我的卡多 via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 17 Mar 2021 22:04:09 +0800
Hello, First, Thank you for reading my e-mail! I am analyzing the HTTP inspector source code about snort 3. What can I do to get the full content of the HTTP request or response message body after combine rather than the split content in the HTTP source code ? such as flow: GET /xxxxxxxxxxxxxxxxxxx HTTP/1.1 ............. HTTP/1.1 200 OK .................. abc1111111111111111111111111111111111111111111111111111 I want to get the full respose message body "abc1111111111111111111111111111111111111111111111111111". Can you give me some clues? I would appreciate it so much for you time.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- some question about http inspector 谁是我的卡多 via Snort-sigs (Mar 18)