Open Information Security Foundation

11/16/2022

06:41 PM Suricata Feature #5692 (New): Add brotli content encoding to HTTP/1.1

Google websites now use brotli encoding over HTTP/1.1
Suricata has brotli support in HTTP/2 but not HTTP/1.1
HTTP... David Beckett

06:35 PM Suricata Bug #5691 (Closed): HTTP/2 decompression bug

Added pcap and test in https://github.com/OISF/suricata-verify/pull/1007
David Beckett

10/05/2020

04:36 PM Suricata Bug #3998: HTTP2: invalid header anomaly

Ah ok, it doesn't seem common for website to use asymmetric table sizes, especially that small, but it's definitely p... David Beckett

11:15 AM Suricata Bug #3998 (Closed): HTTP2: invalid header anomaly

I'm getting a HTTP invalid_header anomaly on instagram. The alert doesn't seem to appear too often and it's hard to a... David Beckett

10/01/2020

01:47 PM Suricata Bug #3956: HTTP2 support variable integer lengths for headers

Tested PR5460 with around 50 websites and am getting no anomalies so all bugs on my side are fixed within this PR :) David Beckett

10:09 AM Suricata Bug #3956: HTTP2 support variable integer lengths for headers

I'm getting a invalid frame length with the attached pcap... David Beckett

10:10 AM Suricata Bug #3989: HTTP2: invalid_frame_data anomaly

Thanks, this is it fixed David Beckett

09/30/2020

01:36 PM Suricata Bug #3989: HTTP2: invalid_frame_data anomaly

Correct, running off PR 5455, commit 78a8f2 David Beckett

01:31 PM Suricata Bug #3989 (Closed): HTTP2: invalid_frame_data anomaly

Running suricata on the attached pcap gives invalid_frame_data anomalies. The traffic was generated by browsing a new... David Beckett

12:38 PM Suricata Bug #3972: HTTP2: stream_id_reuse

Thanks that seems to have fixed it
jq '.event_type' /tmp/eve.json | sort | uniq -c | sort -n
1 "stats"
... David Beckett