Extracting content types of the HTTP responses

Dear all,

Recently, we analyzed the content types of the HTTP responses
in some traces. We found that some content types are not accurately recorded
in the http.log. The attached PCAP file is an example. In the file, the
content type of the second response is "application/x-javascript," but
Bro (ver. 2.1) simply records "text/plain" for the response in the http.log.
Please suggest how we can make Bro record the accurate content type in
the log. Many thanks.

Po-Ching

bro_javascript.pcap (3.1 KB)

Our mime_type field in the HTTP field is not the value of the Content-Type header. It's from examining the content of the file. You can use the script I attached to this email if you want the value of the Content-Type header.

  .Seth

http-content-type.bro (218 Bytes)
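
A script along the following lines logs the server's Content-Type header in http.log beside the content-derived mime_type. It is an added example, not the http-content-type.bro attachment from the reply above; the field name `content_type` is an assumption chosen here.

```bro
@load base/protocols/http

module HTTP;

export {
	redef record Info += {
		## Raw value of the Content-Type header in the response
		## (hypothetical field name, not part of the stock http.log).
		content_type: string &log &optional;
	};
}

# http_header fires once per header; Bro passes the header name upper-cased.
# is_orig is F for headers sent by the responder, i.e. the HTTP response.
event http_header(c: connection, is_orig: bool, name: string, value: string)
	{
	if ( is_orig || name != "CONTENT-TYPE" )
		return;

	# c$http is the log record for the transaction currently being parsed.
	if ( c?$http )
		c$http$content_type = value;
	}
```

With both columns present, a response such as the one in the trace shows `text/plain` in mime_type and `application/x-javascript` in content_type, so rows where the declared and observed types differ can be picked out directly from the log.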