Feature #2054

closed

Extracting HTTPS URLs from SMTP, currently only HTTP is supported

Added by Per Le about 7 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort: medium
Difficulty: medium
Label:

Description

Hello :)
We are looking for extracting HTTPS URLs from SMTP. Currently, only HTTP is supported.
Can you please add this?


Related issues 1 (0 open, 1 closed)

Has duplicate Suricata - Feature #2724: extract-urls in email mime decoder increasingly obsolete (Rejected)

#1

Updated by Andreas Herz almost 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
#2

Updated by Drew G over 6 years ago

Ideally, it would be great if this had some granularity that was configurable. Something like:

#Default (same result as current code)
extract-urls: yes
extract-urls-schemes: [http]
log-url-scheme: no

eve.json ->

...,"url":["suricata-ids.org"],...

#Proposed Feature
extract-urls: yes
extract-urls-schemes: [http, https, ftp, mailto]
log-url-scheme: yes

eve.json ->

...,"url":["http:\/\/suricata-ids.org","https:\/\/suricata-ids.org"],...
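
An added example, not part of the thread and not Suricata's code, of the behaviour proposed in note #2: a configurable scheme list plus an option to keep or strip the scheme in the logged value. `UrlCfg`, `match_scheme` and `extract_urls` are hypothetical names; only `scheme://` forms are handled, so `mailto:` from the proposed list is not covered, and configured schemes are assumed to be lowercase.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define URL_MAX 256

/* Hypothetical config mirroring the keys proposed in the comment above. */
typedef struct {
    const char *schemes[8]; /* extract-urls-schemes, NULL-terminated */
    int log_scheme;         /* log-url-scheme: 1 keeps "scheme://" in output */
} UrlCfg;

/* Length of an enabled "scheme://" prefix at p (case-insensitive), else 0. */
static size_t match_scheme(const UrlCfg *cfg, const char *p, size_t left) {
    for (size_t i = 0; cfg->schemes[i] != NULL; i++) {
        size_t n = strlen(cfg->schemes[i]);
        if (left > n + 3 && strncasecmp(p, cfg->schemes[i], n) == 0 &&
            memcmp(p + n, "://", 3) == 0)
            return n + 3;
    }
    return 0;
}

/* Store up to max URLs (each cut to URL_MAX - 1 bytes) in out[]; returns count. */
size_t extract_urls(const UrlCfg *cfg, const char *body, char out[][URL_MAX], size_t max) {
    size_t len = strlen(body), found = 0;
    for (size_t i = 0; i < len && found < max; i++) {
        if (i > 0 && isalnum((unsigned char)body[i - 1]))
            continue; /* not a token boundary: "xhttp://" is not http */
        size_t pre = match_scheme(cfg, body + i, len - i), end = i + pre;
        while (pre && end < len && !isspace((unsigned char)body[end]) &&
               !strchr("\"'<>", body[end]))
            end++;
        if (end == i + pre)
            continue; /* no enabled scheme here, or nothing after "://" */
        size_t start = cfg->log_scheme ? i : i + pre;
        snprintf(out[found++], URL_MAX, "%.*s", (int)(end - start), body + start);
        i = end - 1; /* resume scanning after this URL */
    }
    return found;
}

int main(void) {
    /* Constructed sample body, not real traffic. */
    const char *body = "See http://suricata-ids.org and <HTTPS://suricata-ids.org/x>";
    UrlCfg cfg = { { "http", "https", NULL }, 1 };
    char urls[4][URL_MAX];
    for (size_t i = 0, n = extract_urls(&cfg, body, urls, 4); i < n; i++)
        puts(urls[i]);
}
```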

#3

Updated by Victor Julien over 6 years ago

  • Assignee changed from OISF Dev to Anonymous

I like the idea. Happy to take a pull request.

#4

Updated by Victor Julien over 5 years ago

  • Effort set to medium
  • Difficulty set to medium
#5

Updated by Victor Julien over 5 years ago

  • Has duplicate Feature #2724: extract-urls in email mime decoder increasingly obsolete added
#6

Updated by Andreas Herz about 5 years ago

  • Assignee set to Community Ticket
#7

Updated by Aaron Bungay almost 4 years ago

Looking into this.

#9

Updated by Victor Julien over 3 years ago

  • Status changed from New to In Review
  • Assignee changed from Community Ticket to Aaron Bungay
  • Target version changed from TBD to 6.0.0beta1
#10

Updated by Victor Julien over 3 years ago

  • Target version changed from 6.0.0beta1 to 7.0.0-beta1
#11

Updated by Victor Julien about 2 years ago

  • Status changed from In Review to Closed