I'm working with Bro in a protected network where
I can't do DNS requests. I want to look up malware with
malware.hash.cymru.com with an HTTP request, but
I can't find any function for this. I could make my own
script and activate it with piped_exec, but would I be
able to read the script's stdout?

A small modification from our test suite...
(more generally take a look at scripts/base/utils/active-http.bro)
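local req = ActiveHTTP::Request($url="http://google.com");
# The request is asynchronous: the body runs once the response arrives.
when ( local resp = ActiveHTTP::request(req) )
	{ print resp; }
timeout 1min
	{ print "HTTP request timeout"; }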
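
Applied to the hash lookup asked about above, as an added example that is not part of the original thread or of Bro's own scripts: each file's MD5 is sent to an HTTP lookup service through ActiveHTTP. The URL `hash-lookup.example.internal`, its `md5` query parameter and the plain-text response body are placeholders assumed for illustration, and the names `lookup_url_fmt` and `queried` are hypothetical.

```bro
@load base/frameworks/files
@load base/utils/active-http

# Assumption: placeholder endpoint; substitute the HTTP lookup service you can reach.
const lookup_url_fmt = "http://hash-lookup.example.internal/lookup?md5=%s" &redef;

# Hashes already queried, so each one costs at most one request per day.
global queried: set[string] &create_expire=1day;

event file_new(f: fa_file)
	{
	# Ask the files framework to compute an MD5 for every file it sees.
	Files::add_analyzer(f, Files::ANALYZER_MD5);
	}

event file_hash(f: fa_file, kind: string, hash: string)
	{
	if ( kind != "md5" || hash in queried )
		return;
	add queried[hash];

	# Only the hex digest goes into the URL, never data taken from the traffic.
	local req = ActiveHTTP::Request($url=fmt(lookup_url_fmt, hash), $max_time=10sec);

	when ( local resp = ActiveHTTP::request(req) )
		{
		# body is an optional field, so test for it before reading it.
		if ( resp$code == 200 && resp?$body )
			print fmt("hash %s: %s", hash, resp$body);
		else
			print fmt("hash %s: lookup failed (HTTP %d)", hash, resp$code);
		}
	timeout 30sec
		{
		print fmt("hash %s: lookup timed out", hash);
		}
	}
```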