We received a question off-list recently about extracting files and I wanted to put this script out there for more people than the one person I wrote it for. It's for extracting files from HTTP transfers by host address. I think it's a good example of how many of the base scripts were written to be extended.
I'll include a little example of how to use it here:
@load http-extract-files-from-addrs
redef HTTP::extract_files_from += { 1.2.3.4 };
http-extract-files-from-addrs.bro (418 Bytes)