Extract Executables

Hi,

I recently used Bro IDS - Default Policy (get traffic from a TAP on the network) and I want to analyze files.

1- Extract all executable files from all traffic (HTTP, SMB and other protocols).

2- MD5 of all files that passed in the traffic.

How can I do it?

Thanks,

CM.

Try turning on the file extraction framework. Look at the code and see if that fits your needs.

Cheers,

JB



From: center.mnt@gmail.com
Sent: December 25, 2016 6:07 AM
To: bro@bro.org
Subject: [Bro] Extract Executables

Hi,

I recently used Bro IDS - Default Policy (get traffic from a TAP on the network) and I want to analyze files.

1- Extract all executable files from all traffic (HTTP, SMB and other protocols).

2- MD5 of all files that passed in the traffic.

How can I do it?

Thanks,

CM.
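
A sketch of what the file extraction framework suggested in the reply can look like for the two requests above. This is an added example, not code from the thread or from Bro's shipped policy scripts. The module name `ExtractExe`, the `exe_mime_types` set and the output filename pattern are assumptions chosen for illustration.

```bro
# Added example (not from the thread). Uses the Files framework events
# file_new and file_sniff and the MD5 and EXTRACT file analyzers.

module ExtractExe;

export {
    ## MIME types treated as executables. Assumed starting set; extend
    ## it with whatever types matter at your site.
    const exe_mime_types: set[string] = {
        "application/x-dosexec",     # Windows PE (EXE/DLL)
        "application/x-executable",  # ELF
    } &redef;
}

# Request 2: hash every file Bro sees, whatever protocol carried it.
# The digest is written to the md5 column of files.log.
event file_new(f: fa_file)
    {
    Files::add_analyzer(f, Files::ANALYZER_MD5);
    }

# Request 1: once the MIME type has been sniffed from the file's first
# bytes, write executables to disk. Matching on the sniffed type rather
# than on a URL or file extension means a renamed binary is still caught.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( ! meta?$mime_type )
        return;

    if ( meta$mime_type !in exe_mime_types )
        return;

    # f$source names the carrying protocol (e.g. "HTTP"); f$id is the
    # file's unique ID, which also appears as fuid in files.log.
    local fname = fmt("%s-%s.bin", f$source, f$id);

    # The file is written under FileExtract::prefix.
    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=fname]);
    }
```

Only files carried by protocols Bro has a file-capable analyzer for, and that cross the tap unencrypted, are hashed or extracted. The extracted binaries are untrusted samples, so the extraction directory belongs on storage where nothing will execute them.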