Decoder: Common Parser Operations

Document created by RSA Information Design and Development on Feb 3, 2017
Version 1

This topic gives examples of common parser operations.

This topic presents five common parser operations.

Match the port and identify immediately

<?xml version="1.0" encoding="utf-8"?>
<parsers
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="parsers.xsd">
  <parser name="CustApp" desc="Acme Custom App" service="45324">
    <declaration>
      <port name="port" value="45324" />
    </declaration>
    <!-- Identify the session as soon as the declared port matches -->
    <match name="port">
      <identify />
    </match>
  </parser>
</parsers>

Match the port and delay identification

<?xml version="1.0" encoding="utf-8"?>
<parsers
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="parsers.xsd">
  <parser name="MSRPC" desc="Microsoft RPC protocol" service="135">
    <declaration>
      <port name="port" value="135" />
      <number name="state" scope="session" />
      <session name="end" value="end" />
    </declaration>
    <!-- Record the port match in a session-scoped variable -->
    <match name="port">
      <assign name="state" value="1" />
    </match>
    <!-- Identify only at session end, and only if the port matched -->
    <match name="end">
      <if name="state" equal="1">
        <identify />
      </if>
    </match>
  </parser>
</parsers>

Match the token and identify immediately

<?xml version="1.0" encoding="utf-8"?>
<parsers
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="parsers.xsd">
  <parser name="RDP" desc="Remote Desktop Protocol" service="3389">
    <declaration>
      <token name="signature" value="Cookie: mstshash=" />
    </declaration>
    <!-- Identify as soon as the token is seen in the payload -->
    <match name="signature">
      <identify />
    </match>
  </parser>
</parsers>

Match multiple tokens

<?xml version="1.0" encoding="utf-8"?>
<parsers
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="parsers.xsd">
  <parser name="MyServiceMultiToken" desc="Multiple Tokens" service="333">
    <declaration>
      <number name="state" scope="stream" />
      <token name="user" value="USER " />
      <token name="pass" value="PASS " />
      <session name="session" value="end" />
    </declaration>
    <!-- Each token ORs its own value into state -->
    <match name="user">
      <or name="state" value="1" />
    </match>
    <match name="pass">
      <or name="state" value="2" />
    </match>
    <!-- state equals 3 (1 | 2) only when both tokens were seen -->
    <match name="session">
      <if name="state" equal="3">
        <identify />
      </if>
    </match>
  </parser>
</parsers>

Match the token and create metadata

<?xml version="1.0" encoding="utf-8"?>
<parsers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="parsers.xsd">
  <parser name="SHELL" desc="Command Shell Identification">
    <declaration>
      <token name="cmd.exe" value=" (C) Copyright 1985-2001 Microsoft Corp" options="linestart" />
      <meta name="client" key="client" format="Text" />
    </declaration>
    <!-- Register the client meta value when the token matches -->
    <match name="cmd.exe">
      <register name="client" value="MS Command Shell" />
    </match>
  </parser>
</parsers>
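
A pre-deployment check for parser files shaped like the ones on this page, added here as an example (it is not RSA's code). It confirms the XML is well-formed and that every `<match>`, `<assign>`, `<or>`, `<if>` and `<register>` names something listed in `<declaration>`. That rule is an assumption inferred from this page's examples, not taken from parsers.xsd; `lint_parsers` and the sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

# Elements that, in this page's examples, point at a declared name via name="...".
# Assumption: inferred from the examples, not from parsers.xsd.
REFERRING = {"match", "assign", "or", "if", "register"}

def lint_parsers(xml_text):
    """Return a list of problems in a flex parser file (empty list = clean)."""
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems = []
    for parser in root.iter("parser"):
        pname = parser.get("name", "?")
        decl = parser.find("declaration")
        if decl is None:
            problems.append(f"{pname}: no <declaration> block")
            continue
        declared = {d.get("name") for d in decl}
        for el in parser.iter():
            if el.tag in REFERRING and el.get("name") not in declared:
                problems.append(
                    f"{pname}: <{el.tag}> uses undeclared name {el.get('name')!r}")
    return problems

# Constructed sample inputs (parser name and service number are made up).
HEADER = '<?xml version="1.0" encoding="utf-8"?>\n<parsers>\n'
GOOD = HEADER + """<parser name="Demo" desc="Constructed sample" service="333">
  <declaration>
    <number name="state" scope="stream" />
    <token name="user" value="USER " />
    <session name="session" value="end" />
  </declaration>
  <match name="user"><or name="state" value="1" /></match>
  <match name="session"><if name="state" equal="1"><identify /></if></match>
</parser>
</parsers>"""
# Typo in a match name: "usr" was never declared.
BAD_REF = GOOD.replace('<match name="user">', '<match name="usr">')
# <if> closed twice: a self-closing tag followed by </if>.
BAD_XML = GOOD.replace('equal="1">', 'equal="1" />')

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad ref", BAD_REF), ("bad xml", BAD_XML)):
        print(label, "->", lint_parsers(text) or "ok")
```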
