base/protocols/socks/main.bro

SOCKS
Namespace:SOCKS
Imports:base/frameworks/tunnels, base/protocols/socks/consts.bro
Source File:/scripts/base/protocols/socks/main.bro

Summary

Runtime Options

SOCKS::default_capture_password: bool &redef Whether passwords are captured or not.

Types

SOCKS::Info: record The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks: event Event that can be handled to access the SOCKS record as it is sent on to the logging framework.

Detailed Interface

Runtime Options

SOCKS::default_capture_password
Type:bool
Attributes:&redef
Default:F

Whether passwords are captured or not.

Types

SOCKS::Info
Type:

record

ts: time &log

Time when the proxy connection was first detected.

uid: string &log

Unique ID for the tunnel - may correspond to connection uid or be non-existent.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

version: count &log

Protocol version of SOCKS.

user: string &log &optional

Username used to request a login to the proxy.

password: string &log &optional

Password used to request a login to the proxy.

status: string &log &optional

Server status for the attempt at using the proxy.

request: SOCKS::Address &log &optional

Client requested SOCKS address. Could be an address, a name or both.

request_p: port &log &optional

Client requested port.

bound: SOCKS::Address &log &optional

Server bound address. Could be an address, a name or both.

bound_p: port &log &optional

Server bound port.

capture_password: bool &default = SOCKS::default_capture_password &optional

Determines if the password will be captured for this request.

The record type which contains the fields of the SOCKS log.

Events

SOCKS::log_socks
Type:event (rec: SOCKS::Info)

Event that can be handled to access the SOCKS record as it is sent on to the logging framework.

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.