Hi everybody!
I'd like to log HTTP payloads for each connection seen on my network.
In fact, I'd like to get something like:
Src_IP;Dst_IP;Request_Payload;Reply_Payload
but with entire payloads (not only URIs, but also banners...)
At the moment, the only way I found to manage that is to load the signature module and write a signature file using payload /.*/, in order to get the payloads on signature_match events with the data string.
It works, but unfortunately, this solution is a bit heavy in terms of CPU usage. There's probably a way to get these payloads using a built-in function (and avoiding the signatures module)? In fact, having had a look at the http-related modules, I can't find how I can handle this problem...
Can anybody help me? (or just tell me it's not possible with built-in functionalities... ;-( )
Yohann.