Hi - second question in Suricata Fundamentals - have changed yaml file to enable http-log, run suricata as asked
suricata -r /home/htb-student/pcaps/suspicious.pcap
http.log appears … surely by the way the question is phrased the answer should be in this file … but only one .php file and it is not correct
Any help much appreciated
So I have the entire module except for this answer lol!
I have gone over it every way possible and the only php address is
http://adv.epostoday.uk/app.php
and this does not work
Please can anyone point out what I am doing wrong?
N8181
answer is just the “requested page”
got right answer after reading question several times
Hi - thanks for your help but I’m not sure what you mean? Obviously the answer is not: requested_page.php
The question tells you that the answer is the requested php page so I’m not quite sure what you mean
Any help much appreciated!
N8181
answer is just the tail, no need to write full website name
I got it but I swear I tried that a load of times before! Thanks for your time!
I used this after using suricata: cat eve.json | grep .php
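Added example, not part of any post in this thread: a structured alternative to grepping eve.json, which parses Suricata's EVE output, keeps only `http` events and reports the requested page (the tail of the path) separately from the hostname. The sample records and the `example.test` hostnames are constructed for illustration and are not from the exercise pcap; `php_requests` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# Constructed EVE records (one JSON object per line, as Suricata writes them).
SAMPLE_EVE = """\
{"timestamp":"2023-01-01T10:00:00.000000+0000","event_type":"dns","dns":{"type":"query","rrname":"files.example.test"}}
{"timestamp":"2023-01-01T10:00:01.000000+0000","event_type":"http","http":{"hostname":"files.example.test","url":"/index.html","http_method":"GET","status":200}}
{"timestamp":"2023-01-01T10:00:02.000000+0000","event_type":"http","http":{"hostname":"files.example.test","url":"/portal/login.php?id=7","http_method":"POST","status":302}}
{"timestamp":"2023-01-01T10:00:03.000000+0000","event_type":"http","http":{"hostname":"cdn.example.test","url":"/js/php-highlight.js","http_method":"GET","status":200}}
{"timestamp":"2023-01-01T10:00:04.000000+0000","event_type":"http","http":{"hostname":"cdn.example.test","url":"/status.PHP","http_method":"GET","status":404}}
{"timestamp":"2023-01-01T10:00:05.000000+0000","event_type":"http","http":{"hostname":"files.exam
"""

def php_requests(lines):
    """Return host, full path and page name for every HTTP request to a .php page."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written records
        if event.get("event_type") != "http":
            continue  # a text search would also hit dns, fileinfo and alert events
        http = event.get("http", {})
        # http.url is the request URI; drop the query string before testing the
        # extension. A regex of ".php" with an unescaped dot would also match
        # "/php-highlight.js", which this check does not.
        path = urlsplit(http.get("url", "")).path
        if not path.lower().endswith(".php"):
            continue
        results.append({
            "host": http.get("hostname", ""),
            "path": path,
            "page": path.rsplit("/", 1)[-1],  # just the tail, without host or directories
        })
    return results

if __name__ == "__main__":
    for hit in php_requests(SAMPLE_EVE.splitlines()):
        print(f'{hit["page"]:<12} host={hit["host"]} path={hit["path"]}')
```

To run it against real output, pass the lines of an open eve.json file to `php_requests` instead of the constructed sample.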