| 67 | return None |
def http_handler(self, conn, request, response):
    """Flag HTTP requests that carry this plugin's Joomla! indicator.

    Returns ``None`` when there is no request or when the raw request
    bytes do not contain ``self.ioc_bytes`` (the request is then not
    passed on).  Otherwise each header value containing ``self.ioc``
    whose ``parse_cmd`` result is truthy produces an alert of the form
    ``"<header> -> <cmd>"`` tagged with ``conn.info()``, and the
    ``(conn, request, response)`` triple is returned unchanged.
    """
    if not request:
        return None

    # Cheap pre-filter on the raw bytes before walking the header dict.
    # NOTE(review): ioc_bytes / ioc are presumably the same indicator as
    # bytes and str -- confirm where they are set.
    if self.ioc_bytes not in request.blob.data:
        return None

    # Looks like a Joomla! exploit attempt.  The payload may sit in any
    # header field, so report every one that yields a parseable command.
    candidates = (
        (name, self.parse_cmd(value))
        for name, value in request.headers.items()
        if self.ioc in value
    )
    for name, cmd in candidates:
        if not cmd:
            continue
        self.alert('{} -> {}'.format(name, cmd), **conn.info())

    return conn, request, response