Adds check for http.cookie keyword on http2 traffic

author Philippe Antoine <contact@catenacyber.fr>

Mon, 26 Apr 2021 13:50:17 +0000 (15:50 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Mon, 26 Apr 2021 13:50:17 +0000 (15:50 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
diff --git a/tests/http2-bugfixes/test.rules b/tests/http2-bugfixes/test.rules

new file mode 100644 (file)

index 0000000..27a0f66
--- /dev/null
+++ b/tests/http2-bugfixes/test.rules
@@ -0,0 +1 @@
+alert http2 any any -> any any (http.cookie; content:"VISITOR"; sid:10;)
diff --git a/tests/http2-bugfixes/test.yaml b/tests/http2-bugfixes/test.yaml

index f868748a435dbe7530bca678d09ddf24d3f03f98..25c4a9c0d5ded19011cb6f850f6b2e63964399af 100644 (file)
--- a/tests/http2-bugfixes/test.yaml
+++ b/tests/http2-bugfixes/test.yaml
@@ -28,3 +28,8 @@ checks:
        match:
          event_type: fileinfo
          fileinfo.size: 880
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 10
author	Philippe Antoine <contact@catenacyber.fr>
	Mon, 26 Apr 2021 13:50:17 +0000 (15:50 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
tests/http2-bugfixes/test.rules	[new file with mode: 0644]	patch \| blob
tests/http2-bugfixes/test.yaml		patch \| blob \| blame \| history