use http-request-methods as identifiers in naxsi-signatures - Githubissues

rspadim / naxsi

Automatically exported from code.google.com/p/naxsi

Other

0 stars 0 forks source link

use http-request-methods as identifiers in naxsi-signatures #58

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

it would very cool if i could select the HTTP_Method for a signature, e.g.

MainRule "msg:I am a POST-Request" "str:/some.php" "mz:URL"
"method:POST" id:XXXXXX;

MainRule "msg:CONNECT _ Connection "str:/" "mz:URL"
"method:CONNECT" id:XXXXXX;

Original issue reported on code.google.com by lazy.dog...@gmail.com on 7 Jan 2013 at 7:12

GoogleCodeExporter commented 8 years ago

workaround to sig against a POST - request, eg you want to detect 
http://www.exploit-db.com/exploits/24206/

"str:Submit=Run" "mz:$URL:/script|$BODY_VAR:Submit"

Original comment by lazy.dog...@gmail.com on 30 Jan 2013 at 8:39

GoogleCodeExporter commented 8 years ago

Original comment by didier.c...@googlemail.com on 4 Apr 2013 at 1:57

Changed state: New
Added labels: Component-Logic, Type-Enhancement