HTTP/2

McMahon_Kevin_J · February 6, 2015, 7:54pm

Has anyone done any work on upgrading Bro to support HTTP/2? If so I'm very interested in what might have been done and/or what is being done?

Vlad_Grigorescu1 · February 6, 2015, 8:53pm

I don’t believe anyone’s done any work on this. From what I can tell, most implementations (at least IE, Firefox, and Chrome) are only supporting HTTP/2.0 over TLS. If that trend continues, the only changes to Bro might just be ensuring that the SSL analyzer would work with it.

–Vlad

anthony_kasza1 · February 6, 2015, 10:00pm

I was under the impression the spec was still being drafted.

-AK

Seth_Hall3 · February 7, 2015, 4:42am

It’s basically done. https://http2.github.io/

Implementations and real world use are starting to show up all over the place. If you’d like to dig around and find evidence of http/2 being used unencrypted, that could be a huge motivator for someone to take it on.

Thanks to google, this space is even more muddied than just HTTP/2. They have a new protocol named QUIC that is yet another pain to support, and this protocol is also already in use when Chrome connects to a number of Google properties.

.Seth

McMahon_Kevin_J · February 10, 2015, 9:38pm

All,

Ok, thanks for the feedback. I've got some colleagues looking for samples. I may be enticed to take this on depending on what we find.

Kevin

Topic		Replies	Views
Bro HTTP/2 Decoder/Analyzer Plugin Released by MITRE Zeek	2	101	May 6, 2022
Potential of including TLSv1.3 support in Bro 2.5 Development development	8	82	May 6, 2022
Bro 2.6 beta feedback? Zeek	13	129	May 6, 2022
HTTP methods Zeek	1	124	May 6, 2022
HTTPS Analyzer Development development	2	116	May 6, 2022

HTTP/2

Related Topics