Project

General

Profile

Actions
Copy link

Support #2647

closed

how i can get all http data

Added by yg lu over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

for http analysis, i capture all http traffic and found that some characters can not show , it gave "...." instead , plese check "ids01.jpg"
and then i capture it use firefox, and i see the part of "..." are Chinese, please check "firefox01.jpg"
i wan to know how i can capture the all data use suricata?
thanks

Files

Download all files
ids01.jpg (72.5 KB) ids01.jpg yg lu, 10/24/2018 04:45 AM
firefox01.jpg (33.8 KB) firefox01.jpg yg lu, 10/24/2018 04:48 AM
Actions
Copy link
 #1

Updated by Victor Julien over 5 years ago

Please see https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html?highlight=printable

You can specify 'http-body' and 'http-body-printable'. The first one will be lossless, base64 encoded.

Actions
Copy link
 #2

Updated by yg lu over 5 years ago

Victor Julien wrote:

Please see https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html?highlight=printable

You can specify 'http-body' and 'http-body-printable'. The first one will be lossless, base64 encoded.

thanks a lot, i got it , thanks again

Actions
Copy link
 #3

Updated by Victor Julien over 5 years ago

  • Status changed from New to Closed
  • Priority changed from High to Normal
  • Target version deleted (4.0.5)
Actions
Copy link

Also available in: Atom PDF