[Oisf-devel] TLS Buffers for LUA Scripting?

Nasir Bilal bilalbox at gmail.com
Tue Dec 29 16:58:23 UTC 2015


Jason,

Thanks, that's great! Yes, we should update the documentation. Is that
something anybody can do?

Regards,
Nasir

On Tue, Dec 29, 2015 at 11:54 AM Jason Ish <lists at unx.ca> wrote:

> Hi Nasir,
>
> See below...
>
> On Sun, Dec 27, 2015 at 11:25 PM, Nasir Bilal <bilalbox at gmail.com> wrote:
> > Hey Devs!
> >
> > I wanted to throw an idea out there to see if anyone knows if this idea is
> > already in the works or even feasible. On our Lua scripting page, we
> > currently support the following buffers:
> >
> > packet -- entire packet, including headers
> > payload -- packet payload (not stream)
> > http.uri
> > http.uri.raw
> > http.request_line
> > http.request_headers
> > http.request_headers.raw
> > http.request_cookie
> > http.request_user_agent
> > http.request_body
> > http.response_headers
> > http.response_headers.raw
> > http.response_body
> > http.response_cookie
> >
> > Ref:
> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting
> >
> > Would it be possible to register any new buffers to this list? In
> > particular, how do you think we could go about adding some TLS keywords:
> > tls.version
> > tls.subject
> > tls.issuerdn
> > tls.fingerprint
> >
> > Ref:
> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords
> >
> > These would open up a lot of power for scripting complex detections of
> > TLS-related attacks and exploits.
>
> Looks like the 3.0RC's have these already, see this commit for more detail:
>
>
> https://github.com/inliniac/suricata/commit/371648a8c61e93b42f74263bcedb9d1b8b1af354
>
> Looks like the documentation there may need to catch up.
>
> Jason
>