Closed paramduggal closed 10 years ago
It's a good idea. I'll incorporate a change into the ChopShop v4 branch.
Since we're using libhtp, it'd make more sense to do the first option and allow the user to specify the port (giving the option to allow all ports to be scanned).
As per current code, module http_extractor discovers HTTP traffic only over port 80.
As many malware communicate using http protocol over non-standard ports, it is suggested that the module should: