tags: Analisi_HTTP wireshark Analisti_Traffico_Wireshark
General
http
http2
Methods
http.request.method == "GET"
http.request.method == "POST"
http.request
Status Code
http.response.code == 200
http.response.code == 401
http.response.code == 403
http.response.code == 404
User Agent
http.user_agent contains "nmap"
http.request.uri contains "admin"
http.request.full_uri contains "admin"
Log4j
http.request.method == "POST"
(ip contains "jndi") or (ip contains "Exploit")
(frame contains "jndi") or (frame contains "Exploit")
(http.user_agent contains "$") or (http.user_agent contains "==")
http.server contains "apache"
http.host contains "keyword"
http.host == "keyword"
http.connection == "Keep-Alive"
data-text-lines contains "keyword"
- Server: Server service name.
- Host: Hostname of the server.
- Connection: Connection status.
- Line-based text data: Cleartext data provided by the server.
- HTML Form URL Encoded: Web form information.