[Oisf-devel] TLS Buffers for LUA Scripting?
Nasir Bilal
bilalbox at gmail.com
Mon Dec 28 05:25:00 UTC 2015
Hey Devs!
I wanted to throw an idea out there to see if anyone knows if this idea is
already in the works or even feasible. On our Lua scripting page, we *currently*
support the following buffers:
packet -- entire packet, including headers
payload -- packet payload (not stream)
http.uri
http.uri.raw
http.request_line
http.request_headers
http.request_headers.raw
http.request_cookie
http.request_user_agent
http.request_body
http.response_headers
http.response_headers.raw
http.response_body
http.response_cookie
Ref:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting
Would it be possible to register any new buffers to this list? In
particular, how do you think we could go about adding some TLS keywords:
tls.version
tls.subject
tls.issuerdn
tls.fingerprint
Ref:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords
These would open up a lot of power for scripting complex detections of
TLS-related attacks and exploits.
Thanks!
Nasir Bilal