This module detects HTTP requests that are non RFC compliant requests including:
- Multiple HTTP Host headers
- GET requests with a body
- Multiple of
When any of these are detected, an
HTTP_Smuggling notice will be added to
Install via Zeek package manager:
$ zkg install zeek-httpattacks # or for legacy installs $ bro-pkg install zeek-httpattacks
Download the files to
$PREFIX/bro/share/bro/site/zeek-httpattacksand add the following to your
There are currently no configuration flags that can be used with this module. If you would like a new feature, please create a pull request.
HTTPATTACKS::HTTP_Smuggling Multiple HTTP Host headers detected HTTPATTACKS::HTTP_Smuggling More than one CL or TE header detected HTTPATTACKS::HTTP_Smuggling CL and TE headers detected HTTPATTACKS::HTTP_Smuggling HTTP GET request with body detected
Travis CI is used to run automated tests on each and every commit.
Andrew Klaus (@precurse)