Cookies

Karl_Kamin · September 25, 2012, 1:57pm

Has anyone extended bro to retrieve the cookie name/value/attributes ?

I have added the var-extraction-cookies.bro and see names in the bro logs, but would like to capture the value/attributes.

Karl

Matthias_Vallentin1 · September 25, 2012, 3:45pm

Has anyone extended bro to retrieve the cookie name/value/attributes ?

Our contributed scripts repository [1] contains a script sidejack.bro,
which extracts cookies as you describe it. Essentially, you have to
perform two nested splits: one to get the key-value pairs and one to
separate keys from values.

Matthias

[1] http://git.bro-ids.org/bro-scripts.git/tree

Topic		Replies	Views
Bro 2.1 http cookies extraction Zeek	1	71	May 6, 2022
Using Bro's file extraction script Zeek	2	65	May 6, 2022
extract jar files from HTTP stream Zeek	9	84	May 6, 2022
File Extraction Zeek	7	89	May 6, 2022
bro 0.6 alpha now available Zeek	1	47	May 6, 2022

Cookies

Related Topics