  1. BIT-670

Extend decode_base64() to accommodate alternate base64 charsets

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0
    • Component/s: Bro
    • Labels:
      None
    • External issue ID:
      670

      Description

      Using an alternate base64 alphabet to encode data with the standard base64 algorithm is effectively the same as encrypting it with a long alphanumeric encryption key. We see this in common use in malware C2 channels. If we could supply a known alphabet to the base64 function, we could more easily decode some of the C2 channels. This would be of great benefit to many Bro users.

      Ideally, I'd like to see something like:

      const my_alphabet: string = "...";

      decoded = decode_base64(data, my_alphabet);

            People

            • Assignee:
              robin Robin Sommer
              Reporter:
              david.bianco david.bianco

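The behaviour requested in the description, sketched in Python as an added example (it is not part of the original ticket and is not Bro's implementation). The function names, the alphabet `ALT` and the sample strings are constructed for illustration; the decoder maps the custom alphabet back onto the standard one and then uses the ordinary base64 algorithm, rejecting malformed alphabets and stray symbols instead of silently producing garbage.

```python
import base64

# Standard base64 alphabet (RFC 4648).
STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed sample alphabet: same 64 symbols, lower case placed first.
ALT = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"


def decode_base64_custom(data: bytes, alphabet: bytes, pad: bytes = b"=") -> bytes:
    """Decode data that was base64-encoded with a non-standard alphabet."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain 64 distinct symbols")
    if len(pad) != 1 or pad in alphabet:
        raise ValueError("pad must be one byte that is not in the alphabet")

    body = data.rstrip(pad)
    # Anything outside the supplied alphabet means the wrong alphabet was
    # chosen or the capture is corrupt; fail loudly rather than guess.
    bad = set(body) - set(alphabet)
    if bad:
        raise ValueError(f"symbols outside alphabet: {bytes(sorted(bad))!r}")
    if len(body) % 4 == 1:
        raise ValueError("truncated input: impossible base64 length")

    # Map each custom symbol to the standard symbol with the same 6-bit value,
    # restore padding (some senders strip it), then decode normally.
    std = body.translate(bytes.maketrans(alphabet, STD))
    std += b"=" * (-len(std) % 4)
    return base64.b64decode(std, validate=True)


def encode_base64_custom(raw: bytes, alphabet: bytes) -> bytes:
    """Inverse helper, used here only to build constructed test input."""
    return base64.b64encode(raw).translate(bytes.maketrans(STD, alphabet))


if __name__ == "__main__":
    sample = encode_base64_custom(b"GET /status id=1234", ALT)  # constructed
    print(sample, "->", decode_base64_custom(sample, ALT))
```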