Working with IDS/IPS Suricata fundamentals

Hi - second question in Suricata Fundamentals - have changed yaml file to enable http-log, run suricata as asked

suricata -r /home/htb-student/pcaps/suspicious.pcap

http.log appears … surely by the way the question is phrased the answer should be in this file … but only one .php file and it is not correct

Any help much appreciated

So I have the entire module except for this answer lol!

I have gone over it every way possible and the only php address is
http://adv.epostoday.uk/app.php

and this does not work

Please can any one point out what I am doing wrong?

answer is just the “requested page”
got right answer after reading question several times :grinning:

Hi - thanks for your help but I’m not sure what you mean? Obviously the answer is not: requested_page.php

The question tells you that the answer is the requested php page so I’m not quite sure what you mean

Any help much appreciated!

answer is just the tail, no need to write full website name

I got it but i swear I tried that a load of times before! Thanks for your time!

1 Like