James Emery-Callcott
- Login: jcallcott
- Registered on: 07/03/2019
- Last sign in: 06/13/2025
Issues
| | open | closed | Total |
|---|---|---|---|
| Assigned issues | 0 | 0 | 0 |
| Reported issues | 5 | 3 | 8 |
Activity
06/13/2025
- 09:38 PM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
- Does this mean there is no plan to change this behaviour and that it is intended?
- 01:35 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
- I've just tested http.accept; for this same logic and it seems that buffer is affected too. I suspect all http stick...
- 01:06 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
- My concern here is that this could now lead to bypassing many existing signatures with ease.
If a signature inclu...
- 12:58 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
- Came back to this with fresh eyes and I think I've identified the cause; however, it's potentially still a bug.
It ...
- 12:44 AM Suricata Bug #7754: http.host and http.host.raw contain the same Host header value twice, with a delimiter
- Re-posting the same signature in a code block so certain characters aren't interpreted as formatting efforts.
<pre...
- 12:42 AM Suricata Bug #7754 (New): http.host and http.host.raw contain the same Host header value twice, with a delimiter
- I ran into some strange behaviour when drafting a rule to detect RFC non-compliant characters within the HTTP host he...
12/10/2024
- 06:00 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
- can probably close this out :) Chris W discovered quic.sni exists, it just wasn't documented
12/08/2024
- 11:27 PM Suricata Feature #7446: add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
- semi-relevant https://redmine.openinfosecfoundation.org/issues/4985
- 11:23 PM Suricata Feature #7446 (New): add logic to parse QUIC CRYPTO frames and provide a keyword to access the reassembled data
- Apologies if this is a duplicate report, I couldn't find anything else when searching.
Currently, we have no metho...
10/11/2024
- 01:05 AM Suricata Feature #7322 (Rejected): ability to negate the existence of fields via buffer negation
- While writing hunting signatures today, we noticed that it is not possible to negate the existence of a buffer which ...