Ok, thanks a lot. :) -------------------------------------------- On Mon, 2/22/16, Chaim Sanders <csand...@trustwave.com> wrote:
Subject: Re: [Owasp-modsecurity-core-rule-set] LibModsecurity To: "Big Whale" <d0lph1...@yahoo.com>, "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org> Date: Monday, February 22, 2016, 9:02 PM Although I havenĀ¹t updated it for the latest API yet, you might be looking for something like the following: https://github.com/SpiderLabs/ModSecurity-pcap/blob/master/pcap.cc On 2/22/16, 4:36 AM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of Big Whale" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of d0lph1...@yahoo.com> wrote: >Hello, > >i'm having a hard time in finding the function call that actually detect >injection payload (e.g <script>alert(1)</script>). The payload does not >necessarily need to >exactly like the one i provided in the brackets. > >Based on the code flow >(http://scanmail.trustwave.com/?c=4062&d=9tzK1h38IqAhEgQ38nNnYSnl3JmZpn1Qw >kUELBOfhg&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fbl >ob%2flibmodsecurity%2fexamples%2fsimple%5fexample%5fusing%5fc%2ftest%2ec%2 >9 the code basically just initiate the rules to the modsecurity instance >and also try to initiate remote rules and i don't find any function call >that actually does the payload detection, is it already implemented? >maybe i missed somewhere. Thanks. >_______________________________________________ >Owasp-modsecurity-core-rule-set mailing list >Owasp-modsecurity-core-rule-set@lists.owasp.org >http://scanmail.trustwave.com/?c=4062&d=9tzK1h38IqAhEgQ38nNnYSnl3JmZpn1Qwh >IBIxTLjw&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fow >asp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
