-
Sounds great to me. There's some prior work using Spicy: https://collateralmeaning.blogspot.com/2017/10/bro-and-spicy-for-websockets-network.html (note that was done with an old version of Spicy).
-
Should I create a new package rather than integrating it directly inside Zeek like the HTTP analyzer?
-
Hi everyone,
After looking inside the HTTP analyzer code, I saw that after a 101 reply (WebSocket upgrade) there is no analysis of the flow.
Is it a good idea to add a WebSocket analyzer?
We can even add a PIA analyzer on WebSocket to activate DPD (to prevent evasion by tunneling inside a WebSocket flow) and create special signatures on WebSocket (e.g., write signatures for malware like Drovorub).
What do you think about that?
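As an added illustration of the question raised in the post above (not code from the post or from Zeek): client-to-server WebSocket frames are masked and messages may be fragmented, so a byte signature applied to the raw post-101 stream can miss content that a frame-aware analyzer would expose. The marker, the sample frames and all function names are constructed for this example; the framing follows RFC 6455.

```python
SIGNATURE = b"EXAMPLE-MARKER"  # constructed placeholder, not a real indicator

def parse_frames(stream):
    """Decode RFC 6455 frames from one direction of a post-101 byte stream."""
    frames, pos, n = [], 0, len(stream)
    while pos + 2 <= n:
        b0, b1 = stream[pos], stream[pos + 1]
        length, ext = b1 & 0x7F, 0
        if length >= 126:                      # 16-bit or 64-bit extended length
            ext = 2 if length == 126 else 8
        hdr = 2 + ext + (4 if b1 & 0x80 else 0)
        if pos + hdr > n:
            break                              # header truncated, wait for more data
        if ext:
            length = int.from_bytes(stream[pos + 2:pos + 2 + ext], "big")
        key = stream[pos + hdr - 4:pos + hdr] if b1 & 0x80 else b""
        body = stream[pos + hdr:pos + hdr + length]
        if len(body) < length:
            break                              # payload truncated
        if key:                                # undo the client-side XOR mask
            body = bytes(c ^ key[i % 4] for i, c in enumerate(body))
        frames.append((bool(b0 & 0x80), b0 & 0x0F, body))
        pos += hdr + length
    return frames

def messages(frames):
    """Reassemble fragmented data messages; control frames may interleave."""
    out, buf = [], b""
    for fin, opcode, payload in frames:
        if opcode >= 0x8:                      # close / ping / pong
            continue
        buf += payload
        if fin:
            out.append(buf)
            buf = b""
    return out

def make_frame(payload, opcode, fin, key):
    """Build a masked client frame for the constructed sample (payload < 126 bytes)."""
    head = bytes([(0x80 if fin else 0) | opcode, 0x80 | len(payload)])
    return head + key + bytes(c ^ key[i % 4] for i, c in enumerate(payload))

# Constructed sample: one text message split in two fragments around a ping.
SAMPLE = (make_frame(b'{"cmd":"EXAMPLE-', 0x1, False, b"\x11\x22\x33\x44")
          + make_frame(b"", 0x9, True, b"\x01\x02\x03\x04")
          + make_frame(b'MARKER"}', 0x0, True, b"\xa5\x5a\xc3\x3c"))

def scan(stream):
    """Return (hit on raw bytes, hit on decoded messages) for SIGNATURE."""
    decoded = messages(parse_frames(stream))
    return SIGNATURE in stream, any(SIGNATURE in m for m in decoded)
```
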