https://inliniac.net/blog/tag/magic/ Recent content in Magic on Inliniac Hugo en Tue, 29 Nov 2011 16:27:27 +0000 https://inliniac.net/blog/2011/11/29/file-extraction-in-suricata/ Tue, 29 Nov 2011 16:27:27 +0000 https://inliniac.net/blog/2011/11/29/file-extraction-in-suricata/ <p>Today I pushed out a new feature in Suricata I&rsquo;m very excited about. It has been long in the making and with over 6000 new lines of code it&rsquo;s a significant effort. It&rsquo;s available in the current git master. I&rsquo;d consider it alpha quality, so handle with care.</p> <p>So what is this all about? Simply put, we can now extract files from HTTP streams in Suricata. Both uploads and downloads. Fully controlled by the rule language. But thats not all. I&rsquo;ve added a touch of magic. By utilizing libmagic (this powers the &ldquo;file&rdquo; command), we know the file type of files as well. Lots of interesting stuff that can be done there.</p>