[Oisf-users] Dump gzipped content

Kevin Geil info at friendandfamilytech.com
Wed Oct 24 12:29:52 UTC 2018


If you have full packet captures, you can filter out the traffic you need,
then "follow tcp stream" in Wireshark. You can try this with a single
packet, but it might not be enough data.

Kevin

On Tue, Oct 23, 2018, 4:18 AM Davide Setti <d.setti at certego.net> wrote:

> Hi all,
>
> is it possible with suricata to dump/log the unzipped content of an HTTP
> gzipped response (when "Content-Encoding: gzip") ?
>
> Thanks all,
> Davide
> --
> Davide Setti
> R&D and Incident Response Team, Certego
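As an added example (not code from the thread, from Suricata or from Wireshark): once a response has been reassembled, for instance exported from Wireshark's follow-TCP-stream view, the bytes still have to be un-chunked and gunzipped before the content is readable. The snippet below does that for a constructed sample response, and uses a streaming zlib decompressor so that a truncated capture (only one packet of the response, as Kevin warns) still yields the prefix that was present instead of raising.

```python
import gzip
import zlib

# Constructed sample: a gzip-encoded HTTP/1.1 response as it would look in a
# reassembled TCP stream. Built here for the example, not taken from a capture.
BODY = b'{"user": "alice", "role": "admin", "note": "hello from a gzip body"}\n'
COMPRESSED = gzip.compress(BODY)

# Variant 1: Content-Length framing.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Content-Length: " + str(len(COMPRESSED)).encode() + b"\r\n"
    b"\r\n" + COMPRESSED
)

# Variant 2: the same body sent with Transfer-Encoding: chunked.
SAMPLE_CHUNKED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n" + ("%x" % len(COMPRESSED)).encode() + b"\r\n" + COMPRESSED + b"\r\n"
    b"0\r\n\r\n"
)


def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, lowercase header dict, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers, body


def dechunk(body: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked; a truncated final chunk yields what is there."""
    out = b""
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end == -1:
            break
        size_field = body[pos:end].split(b";")[0].strip()  # drop chunk extensions
        if not size_field:
            break
        size = int(size_field, 16)
        if size == 0:  # last-chunk marker
            break
        out += body[end + 2:end + 2 + size]
        pos = end + 2 + size + 2  # skip chunk data and its trailing CRLF
    return out


def decompress_gzip(data: bytes):
    """Return (decompressed bytes, complete flag).

    zlib.decompressobj with a gzip wrapper is used instead of gzip.decompress so a
    stream cut off mid-way still returns its decompressed prefix; `eof` only becomes
    True once the gzip trailer has been consumed.
    """
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = d.decompress(data)
    return out, d.eof


def extract_body(raw: bytes) -> dict:
    """Reverse message framing and content coding of one reassembled response."""
    status, headers, body = split_response(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    elif "content-length" in headers:
        body = body[: int(headers["content-length"])]
    if headers.get("content-encoding", "").lower() == "gzip":
        content, complete = decompress_gzip(body)
    else:
        content, complete = body, True
    return {"status": status, "body": content, "complete": complete}


if __name__ == "__main__":
    print(extract_body(SAMPLE_RESPONSE))
    print(extract_body(SAMPLE_CHUNKED))
    # Simulate a capture that stops before the gzip trailer: body is recovered,
    # but the "complete" flag tells you the stream was not fully seen.
    print(extract_body(SAMPLE_RESPONSE[:-8]))
```

The `complete` flag is the check worth keeping: a body that decompresses but whose trailer never arrived was not fully captured, so any CRC check or content matching on it should be treated as provisional.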