in reply to Re^3: Snort data_payload decoding
in thread Snort data_payload decoding

ikegami, I tried using MIME::Base64 to decode the string, and I got the string:
Mm5M8}^`4M6ӏ;ߝ6]4m5MMM: ӭ5m5m6

From the string:
303D02010004087333357537316162A02E0204870BAF350201000201003020300E060A2B060102010202010A050500300E060A2B0601020102020110050500

Ideally, I want it to look like something like this:
000 : 30 3D 02 01 00 04 08 73 33 35 75 37 31 61 62 A0 0=.....s35u71ab.
010 : 2E 02 04 87 0B AF 35 02 01 00 02 01 00 30 20 30 ......5......0 0
020 : 0E 06 0A 2B 06 01 02 01 02 02 01 0A 05 05 00 30 ...+...........0
030 : 0E 06 0A 2B 06 01 02 01 02 02 01 10 05 05 00    ...+...........


These are all from the same packet; the problem is that I can't pass the preformatted test from OpenAanval, so I have to dig through the raw DB.

amt.

perlcheat

Re^5: Snort data_payload decoding
by ikegami (Patriarch) on Oct 14, 2004 at 16:32 UTC

    Oops! You're trying to decode! Switch unpack for pack. It's odd to decode before putting it into an email. Is binary data even allowed in emails?

    while (...) {
        my $encoded    = pack('H*', $rows[0]);
        my $raw_length = length($rows[0]);  # Formerly named $ea
        ...do something with these vars...
    }

      Is binary data even allowed in emails?

      Don't think so - if it were, we would not need Base64 encoding and all that tricky MIME business :)
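
Added example, not part of the original thread: a Perl sketch that combines the `pack('H*', ...)` decoding suggested above with the offset / hex / ASCII layout asked for in the question. The sub name `hexdump_payload` is hypothetical, and the input is the hex string quoted in the post; in practice it would be the value read from the data_payload column.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Render a hex-encoded payload (as stored in Snort's data_payload column)
# as an offset / hex / ASCII dump. hexdump_payload is a hypothetical name.
sub hexdump_payload {
    my ($hex) = @_;
    $hex =~ s/\s+//g;    # tolerate wrapped or padded values

    # Refuse anything that is not clean hex instead of letting pack()
    # silently produce garbage bytes.
    die "payload is not hex\n"       unless $hex =~ /\A[0-9A-Fa-f]*\z/;
    die "odd number of hex digits\n" if length($hex) % 2;

    my $raw = pack('H*', $hex);    # hex text -> raw bytes
    my @lines;
    for (my $off = 0; $off < length($raw); $off += 16) {
        my $chunk = substr($raw, $off, 16);
        my $bytes = join ' ', map { sprintf '%02X', ord($_) } split //, $chunk;

        # Anything outside printable ASCII is shown as '.', so control
        # bytes in a captured packet never reach the terminal or mail body.
        (my $ascii = $chunk) =~ tr/\x20-\x7E/./c;

        # 47 = 16 bytes * 2 hex digits + 15 separating spaces; padding keeps
        # the ASCII column aligned on a short final line.
        push @lines, sprintf('%03X : %-47s %s', $off, $bytes, $ascii);
    }
    return join("\n", @lines) . "\n";
}

# Hex string quoted in the post above.
my $payload = '303D02010004087333357537316162A02E0204870BAF35020100'
            . '0201003020300E060A2B060102010202010A050500300E060A2B'
            . '0601020102020110050500';

print hexdump_payload($payload);
```

Because the dump is plain printable text, it can go into an alert email as-is, with no Base64 step.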