Example #1
  /**
   * Builds a Snort-syntax rule that matches requests to {@code uri} in which the named query
   * parameter carries the attack pattern registered for {@code genericVulnName}.
   *
   * <p>NOTE(review): {@code uri}, {@code parameter}, {@code action} and {@code id} are concatenated
   * into the rule as-is. Inside a quoted {@code content} option the characters {@code ;},
   * {@code \} and {@code "} must be escaped, and {@code parameter} is also placed inside the
   * {@code pcre} expression, where regex metacharacters would alter the pattern. Confirm that
   * callers only pass values that are already safe for rule syntax; otherwise a crafted URI or
   * parameter name could yield a malformed rule or one that matches something other than intended.
   *
   * @param uri path the rule should match (a literal {@code ?} is appended to it)
   * @param action rule action written at the start of the rule header
   * @param id value written into the {@code sid} option
   * @param genericVulnName key used to look up the payload pattern and the rule message
   * @param parameter name of the request parameter to inspect
   * @return the assembled rule text
   * @throws NullPointerException if {@code PAYLOAD_MAP} has no entry for {@code genericVulnName}
   */
  @Override
  protected String generateRuleWithParameter(
      String uri, String action, String id, String genericVulnName, String parameter) {

    String rawPattern = PAYLOAD_MAP.get(genericVulnName);
    String ruleMessage = MESSAGE_MAP.get(genericVulnName);

    // ';' ends a rule option, so any literal ';' in the payload pattern is backslash-escaped.
    String escapedPattern = rawPattern.replace(";", "\\;");

    String header = action + " tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (";
    String msgOption = "msg:\"" + ruleMessage + "\"; ";
    String flowOption = "flow: to_server,established; ";
    String uriMatch = "content:\"" + uri + "?\"; http_uri; ";
    String parameterMatch = "content:\"" + parameter + "=\"; http_uri; ";
    // The closing quote of the pcre option is not written here; presumably it is part of
    // STR_FIND_PARAM_END (defined elsewhere in the class) - confirm.
    String pcreOption =
        "pcre:\""
            + STR_FIND_PARAM_START
            + parameter
            + STR_FIND_PARAM_MID
            + escapedPattern
            + STR_FIND_PARAM_END;
    String trailer =
        "; metadata:service http; " + "classtype:web-application-attack; sid:" + id + ";)";

    return header
        + msgOption
        + flowOption
        + uriMatch
        + parameterMatch
        + pcreOption
        + trailer;
  }
Example #2
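  /**
   * Builds a Snort-syntax rule that matches any request whose URI contains {@code uri}, without
   * inspecting parameters or payload.
   *
   * <p>The previous version also looked up and escaped the payload for {@code genericVulnName}
   * but never used it; the only effect was a {@link NullPointerException} when the vulnerability
   * type had no payload entry. That dead lookup has been removed, because this rule has no payload
   * component.
   *
   * <p>NOTE(review): {@code uri}, {@code action} and {@code id} are concatenated into the rule
   * as-is. Inside a quoted {@code content} option the characters {@code ;}, {@code \} and
   * {@code "} must be escaped; confirm that callers only pass values that are already safe for
   * rule syntax, otherwise a crafted URI could yield a malformed or unintended rule.
   *
   * <p>NOTE(review): if {@code MESSAGE_MAP} has no entry for {@code genericVulnName} the rule is
   * emitted with the text {@code null} as its message; consider whether unmapped types should be
   * rejected by the caller.
   *
   * @param uri path the rule should match
   * @param action rule action written at the start of the rule header
   * @param id value written into the {@code sid} option
   * @param genericVulnName key used to look up the rule message
   * @return the assembled rule text
   */
  @Override
  protected String generateRuleForExactUrl(
      String uri, String action, String id, String genericVulnName) {

    String message = MESSAGE_MAP.get(genericVulnName);

    // The emitted text is kept identical to the original, including the absence of a space
    // between "http_uri;" and "metadata:", so existing consumers see the same rule string.
    return action
        + " tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS ("
        + "msg:\""
        + message
        + "\"; "
        + "flow: to_server,established; "
        + "content:\""
        + uri
        + "\"; http_uri;"
        + "metadata:service http; "
        + "classtype:web-application-attack; sid:"
        + id
        + ";)";
  }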