Forum Discussion
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair out over question number 8:
Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token.
This one should do it but it is not working.
alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001)
I tried so many rules based on the first GET header and am still unable to get the token. Any tips?
3 Replies
- SamDickison
Community Manager
Hey retornet, I've seen that Stark and bluejacket have completed this. I wonder if they have any tips for you :-D
If not I can get some help from one of the team.
- SamDickison
Community Manager
Hi retornet, sorry for not picking this up until now. Did you manage to complete the lab?
- retornet
Bronze III
SamDickison Thank you, I was able to complete it.