Snort HTTPS Post: 302733851

Sponsored Content

Special Forums Cybersecurity Snort HTTPS Post 302733851 by drd0spt on Wednesday 21st of November 2012 07:47:58 AM

11-21-2012

Registered User

ok the situation is i have a IDS ( SourceFire ) is snort based and i have a completly normal snort rule, that looks for a escape character on normal HTTP request and he assumes that the type of request on some of the strings i have on my network are a exploit but in fact is not is just a HTTPS that escape the ASCII (a-f 0-9) in this case the rule looks for %1u content and in fact that character "u" exists in some of the requests in https for security reasons. I would like to say Snort if u see any HTTPS request dont use this rule or edit that rule and put only HTTP not on HTTPS transactions.

drd0spt

View Public Profile for drd0spt

Find all posts by drd0spt

5 More Discussions You Might Find Interesting

1. BSD

Snort on openbsd

Im trying to gather some info to set up snort on openbsd 3.2, has anyone out there managed to get it up and running ? My initial attempts seem to be quite below par

2. Linux

snort port no

Hi, can anybody know snort port no in linux,

3. Cybersecurity

Snort/NTOP Placement

I have been asked to place 2 (1 NTOP & 1 SNORT) boxes within our network as part of our tool kit for network monitoring and Intrusion detection. Out network is very simplistic and it layed out like this: internet | | Cisco 1811 Router (8x Layer 2 switch ports) ...

4. Solaris

Need suggestion:- Failed HTTPS transfer to https://supportfiles.sun.com/curl

Hi Guys, I have recently started reciving below Error message Failed HTTPS transfer to https://supportfiles.sun.com/curl whenever I run /usr/local/bin/sudo /opt/SUNWexplo/bin/explorer -P -q -v from all Servers. Looks like the SSL certificate as Expired. Whenever I type...

5. Homework & Coursework Questions

Error in installation of Snort 2.97.0

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: My system is Redhat 5.6. I want to install snort in my system which requires following dependencies. 1. Libpcap...

LEARN ABOUT MOJAVE

curlopt_proxy_sslcert

CURLOPT_PROXY_SSLCERT(3)				     curl_easy_setopt options					  CURLOPT_PROXY_SSLCERT(3)

NAME

       CURLOPT_PROXY_SSLCERT - set SSL proxy client certificate

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERT, char *cert);

DESCRIPTION

       This option is for connecting to a HTTPS proxy, not a HTTPS server.

       Pass  a	pointer to a zero terminated string as parameter. The string should be the file name of your client certificate used to connect to
       the HTTPS proxy.  The default  format  is  "P12"  on  Secure  Transport	and  "PEM"  on	other  engines,  and  can  be  changed	with  CUR-
       LOPT_PROXY_SSLCERTTYPE(3).

       With NSS or Secure Transport, this can also be the nickname of the certificate you wish to authenticate with as it is named in the security
       database. If you want to use a file from the current directory, please precede it with "./" prefix, in order  to  avoid	confusion  with  a
       nickname.

       When using a client certificate, you most likely also need to provide a private key with CURLOPT_PROXY_SSLKEY(3).

       The application does not have to keep the string around after setting this option.

DEFAULT

       NULL

PROTOCOLS

       Used with HTTPS proxy

EXAMPLE

       TODO

AVAILABILITY

       Added in 7.52.0

RETURN VALUE

       Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_PROXY_SSLCERTTYPE(3), CURLOPT_PROXY_SSLKEY(3), CURLOPT_SSLCERT(3),

libcurl 7.54.0							 December 21, 2016					  CURLOPT_PROXY_SSLCERT(3)