On Feb 21, 2013, at 3:16 PM, Chris Crawford <christopher.p.crawford(a)gmail.com> wrote:
Having this type of functionality would be awesome! It would "unlock" bro to
the point where we would only be limited by our imaginations with what we could make bro
I know you mentioned that the current stuff is broken on github, but I gave it a try
anyways (I modified the command in exec-test.bro to the date command):
$ bro -r test.pcap exec-test.bro
entering the async whatever
[/tmp/bro-exec-4N1gxc3hF32] = [Thu Feb 21 2013]
bro: bro-2.1/src/Trigger.cc:227: bool Trigger::Eval(): Assertion
So close, and yet so far.
Yep, that's the bug. Try checking out the other commit that I suggested. That
should make it work.
Additionally, I already have a full module named ActiveHTTP wrapped around it (about 100
lines of code) that uses the curl command line client internally (yes, hacky) but presents
a very nice and clean API to users. You currently get the body of the response, the
response code, the response message, and all of the headers the server returned.
This sort of opens the door to all kinds of crazy stuff though. Someone (you know who you
are!) already mentioned the idea of doing an NMAP wrapper so that people could start NMAP
scans and get results back into Bro really easily.
I'm assuming that this is the bug that you
mentioned Bro 2.2 will fix. When is Bro 2.2 expected to be released?
We aren't quite sure yet; we're furiously working on several big features now.
International Computer Science Institute
(Bro) because everyone has a network