Adds http.header on HTTP2 traffic check

author Philippe Antoine <contact@catenacyber.fr>

Mon, 31 May 2021 08:50:19 +0000 (10:50 +0200)

committer Victor Julien <victor@inliniac.net>

Fri, 3 Sep 2021 10:47:06 +0000 (12:47 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Mon, 31 May 2021 08:50:19 +0000 (10:50 +0200)
committer Victor Julien <victor@inliniac.net>
Fri, 3 Sep 2021 10:47:06 +0000 (12:47 +0200)
diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules

index 34f5c14f3d84df7994dbe7dae3e797086a2b37db..518f85dc357cd0c26371f61538c84a4995065953 100644 (file)
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -10,3 +10,4 @@ alert http2 any any -> any any (http.method; content:"GET"; sid:31;)
  alert http2 any any -> any any (http.host.raw; content:"nghttp2.org"; sid:32;)
  
  alert http2 any any -> any any (http.header_names; content:"|0d 0a|user-agent|0d 0a|accept|0d 0a|"; sid:33;)
+alert http2 any any -> any any (http.header; content:"user-agent: curl/7.61.0|0d 0a|accept: */*|0d 0a|"; sid:34;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml

index 19c095f5405efed21b6cc7f451cc87b1dd2e6cb2..9fde64b801654bd770eaf17cee2d36e003e3fbd0 100644 (file)
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -55,3 +55,8 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 33
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 34
author	Philippe Antoine <contact@catenacyber.fr>
	Mon, 31 May 2021 08:50:19 +0000 (10:50 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 3 Sep 2021 10:47:06 +0000 (12:47 +0200)
tests/http2-keywords2/test.rules		patch \| blob \| blame \| history
tests/http2-keywords2/test.yaml		patch \| blob \| blame \| history