
Revision history

Determine if Python code was sent through port 80

Hello,

I'm looking at a pcap where a connection was made through port 80 using the HTTP protocol. I plan on writing a Snort rule that checks to see if a Python script was sent in the contents of a packet rather than regular HTML (or anything to display a webpage). Is there any way I can determine if a script was sent without completely analyzing the contents of a packet? I would rather not use machine learning for this, so I'm wondering if there is a discrete way I can figure out if a script was sent.

Thanks

Determine if Python code was sent through port 80

Hello,

I'm looking at a pcap where a connection was made through port 80 using the HTTP protocol. I plan on writing a Snort rule that checks to see if a Python script was sent in the contents of a packet rather than regular HTML (or anything to display a webpage). Is there any way I can determine if a script was sent without completely analyzing the contents of a packet manually? I would rather not use machine learning for this, so I'm wondering if there is a discrete way I can figure out if a script was sent.

The reason why I want to do this is to see if attackers are sending commands to malware through this port.

Thanks