(no subject)

Rodrigue_ALAHASSA · November 2, 2011, 3:47pm

Hi,

I just read an article (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.824&rep=rep1&type=pdf) which compares performances of Bro and Snort. The authors stated at section 5.6 that Bro does not have a Unicode decoder for HTTP URI. Since their work were based on Bro 0.9a9, I guess this is not applicable for the current versions of Bro.

Can someone confirm or infirm my point of view ?

Thanks.

Seth_Hall3 · November 2, 2011, 3:57pm

Bro does not consider unicode in any way right now. Strings are only considered to be strings of individual bytes but low order ascii characters will be printed as such. Does that answer your question? I've been thinking about how to appropriately add unicode support for quite a while but I don't have a completely clear notion yet.

.Seth

Topic		Replies	Views
HTTP encoding Zeek	1	79	May 6, 2022
HTTP encoding Zeek	1	71	May 6, 2022
is snort2bro missing from 0.9-current Zeek	1	86	May 6, 2022
is snort2bro missing from 0.9-current Zeek	1	101	May 6, 2022
Bro's escaping of non-printable characters behaves unexpected Zeek	5	80	May 6, 2022

(no subject)

Related topics