aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc/userguide: fix base64 example

Browse Source 
Add a sticky buffer example and fix the content modifier one.
pull/4319/head
Eric Leblond 5 years ago committed by Victor Julien
parent 2d11e9394c
commit 821d590f5b
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File

13
doc/userguide/rules/base64-keywords.rst
Unescape Escape View File

@ -47,5 +47,14 @@ Example::
http_uri = "GET /en/somestring&dGVzdAo=&not_base64" http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
Rule: Rule:
alert http any any -> any any (msg:"Example"; content:"somestring"; base64_decode:bytes 8, offset 1, relative; \ alert http any any -> any any (msg:"Example"; http.uri; content:"somestring"; \
http_uri; base64_content; content:"test"; sid:10001; rev:1;) base64_decode:bytes 8, offset 1, relative; \
base64_data; content:"test"; sid:10001; rev:1;)
Buffer content:
http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
Rule:
alert http any any -> any any (msg:"Example"; content:"somestring"; http_uri; \
base64_decode:bytes 8, offset 1, relative; \
base64_data; content:"test"; sid:10001; rev:1;)

Write Preview
Loading…
Cancel
Save