Extracting files by ip address

We received a question off-list recently about extracting files and I wanted to put this script out there for more people than the one person I wrote it for. It's for extracting files from HTTP transfers by host address. I think it's a good example of how many of the base scripts were written to be extended.

I'll include a little example of how to use it here:

@load http-extract-files-from-addrs
redef HTTP::extract_files_from += { };

http-extract-files-from-addrs.bro (418 Bytes)