[Oisf-users] user agent parsing error

erik clark philosnef at gmail.com
Fri Oct 6 16:36:08 UTC 2017


I am seeing Suri parsing the following out as a UA. Not sure why this is
occurring. Method is correctly broken out. Site referring the traffic is
linguee.com. Not sure if it's specific to something linguee.com is doing, or
if this is a bug in the parser for Suri. The _TEST_ alert from ET (2009545)
will fire on traffic coming from this site, and the malformed HTTP
information is shoved into the JSON alert.

http_user_agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) GET /gampad/ads?gdfp_req=1(morestufffollowshere)

payload_printable: GET /gampad/ads?gdfp_req=1