Hi,
I'm working with bro in a protected network where
I can't do DNS requests. I want to look up malware with
malware.hash.cymru.com with an HTTP request but
I can't find any function for this. I could make my own
script and activate it with piped_exec, but would I be
able to read the script's stdout?
Regards,
Daniel
A small modification from our test suite...
(more generally take a look at scripts/base/utils/active-http.bro)
@load base/utils/active-http

event bro_init()
    {
    local req = ActiveHTTP::Request($url="http://google.com");
    when ( local resp = ActiveHTTP::request(req) )
        {
        print resp;
        }
    timeout 1min
        {
        print "HTTP request timeout";
        }
    }
.Seth
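
The same ActiveHTTP pattern applied to the hash lookup asked about above, as an added example that is not part of the original thread. The lookup URL is a placeholder for whatever HTTP-reachable hash service the network allows, and the module and constant names are hypothetical.

```bro
# Added example: per-file SHA1 lookup over HTTP instead of DNS.
@load base/utils/active-http
@load frameworks/files/hash-all-files   # makes Bro emit file_hash events

module HashLookup;

export {
    ## Placeholder endpoint (assumption); the SHA1 is appended to it.
    const lookup_url = "http://hash-lookup.example.internal/lookup?sha1=" &redef;
    ## Upper bound handed to the HTTP client for one request.
    const request_time = 30sec &redef;
    ## Upper bound for the asynchronous when block as a whole.
    const when_time = 35sec &redef;
}

event file_hash(f: fa_file, kind: string, hash: string)
    {
    # One lookup per file: ignore the MD5 and SHA256 events.
    if ( kind != "sha1" )
        return;

    local fuid = f$id;
    local req = ActiveHTTP::Request($url=lookup_url + hash,
                                    $max_time=request_time);

    # ActiveHTTP::request is asynchronous, so the result is only
    # available inside the when block.
    when ( local resp = ActiveHTTP::request(req) )
        {
        if ( resp$code == 200 && resp?$body )
            print fmt("%s sha1=%s lookup result: %s", fuid, hash, resp$body);
        else
            print fmt("%s sha1=%s lookup failed: HTTP %d", fuid, hash, resp$code);
        }
    timeout when_time
        {
        print fmt("%s sha1=%s lookup timed out", fuid, hash);
        }
    }
```

Each request runs as an external process, so on busy links it is worth restricting the lookup to the file types of interest before calling out.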