#7 [PATCH:] Download possibility for payload

BASE
closed-accepted
None
8
2005-08-17
2005-07-31
Anonymous
No

Hello,

I have written a small patch over the weekend that enables the BASE user to download or save the payload displayed by BASE (in hex code and in ASCII code).

The pure payload in its binary form can be downloaded.

This is useful for further investigating the packets, because not everything can be handled by "Follow tcpstream" in Ethereal or by tcpflow or nstreams.

The patch consists of two files:

base_qry_alert.php.diff
base_payload.php

I have done some first testing on a Linux platform with snort-2.4.0, base-1.1.3 and with MySQL encoding both in hex mode and in base64 mode.

Bye, bye

Juergen Leising

Discussion

  • Nobody/Anonymous

    tar.gz consists of a diff -Nur against base_qry_alert.php from base-1.1.3, and of a new file base_payload.php

     
  • Kevin Johnson

    Kevin Johnson - 2005-08-16
    • milestone: --> BASE
    • priority: 5 --> 8
    • assigned_to: nobody --> secureideas
    • status: open --> open-accepted
     
  • Kevin Johnson

    Kevin Johnson - 2005-08-16

    Logged In: YES
    user_id=836228

    I will be checking this into CVS tonight... Thanks, this is a very interesting idea.

    Kevin

     
  • Kevin Johnson

    Kevin Johnson - 2005-08-17

    Logged In: YES
    user_id=836228

    This is checked in.... and we will be testing it...

    Kevin

     
  • Kevin Johnson

    Kevin Johnson - 2005-08-17
    • status: open-accepted --> closed-accepted