Project

General

Profile

Feature #2054

Extracting HTTPS URL´s from SMTP, currently only HTTP is supported

Added by Per Le over 4 years ago. Updated 11 months ago.

Status:
In Review
Priority:
Normal
Assignee:
Target version:
Effort:
medium
Difficulty:
medium
Label:

Description

Hello :)
We are looking for extracting HTTPS URL´s from SMTP. Currently, only HTTP is supported
Can you please add this?


Related issues

Has duplicate Feature #2724: extract-urls in email mime decoder increasingly obsoleteRejectedActions
#1

Updated by Andreas Herz about 4 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
#2

Updated by Drew G over 3 years ago

Ideally, it would be great if this had some granularity that was configurable. Something like:

#Default (same result as current code)
extract-urls: yes
extract-urls-schemes: [http]
log-url-scheme: no

eve.json ->

...,"url":["suricata-ids.org"],...

#Proposed Feature
extract-urls: yes
extract-urls-schemes: [http, https, ftp, mailto]
log-url-scheme: yes

eve.json ->

...,"url":["http:\/\/suricata-ids.org","https:\/\/suricata-ids.org"],...

#3

Updated by Victor Julien over 3 years ago

  • Assignee changed from OISF Dev to Anonymous

I like the idea. Happy to take a pull request.

#4

Updated by Victor Julien almost 3 years ago

  • Effort set to medium
  • Difficulty set to medium
#5

Updated by Victor Julien over 2 years ago

  • Has duplicate Feature #2724: extract-urls in email mime decoder increasingly obsolete added
#6

Updated by Andreas Herz over 2 years ago

  • Assignee set to Community Ticket
#7

Updated by Aaron Bungay about 1 year ago

Looking into this.

#9

Updated by Victor Julien 12 months ago

  • Status changed from New to In Review
  • Assignee changed from Community Ticket to Aaron Bungay
  • Target version changed from TBD to 6.0.0beta1
#10

Updated by Victor Julien 11 months ago

  • Target version changed from 6.0.0beta1 to 7.0rc1

Also available in: Atom PDF