Forum Discussion
JRahm (Admin)
Jun 26, 2008
Sure thing. One note, though. It appears that the cookie only holds 9 characters, so if the username is longer than that, the uniqueness of the user will need to be determined in the first 9 characters. Also, the else wasn't matched to the correct if clause, so I moved it. This should meet both conditions correctly:
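    when CLIENT_ACCEPTED {
        # Hold the connection until the first client bytes arrive
        TCP::collect
    }
    when CLIENT_DATA {
        TCP::collect 25
        # Skip the 11-byte TPKT/X.224 header and read the rest as a string
        binary scan [TCP::payload] x11a* msrdp
        log local0. "Contents after binary scan: $msrdp"
        if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {
            # Drop the 17-character "cookie: mstshash=" prefix
            set msrdp [string range $msrdp 17 end]
            set len [string first "\n" $msrdp]
            # No newline yet: the cookie line is incomplete, so collect more data
            if { $len == -1 } {
                TCP::collect
                return
            }
            if { $msrdp contains "@" } {
                if { $len > 5 } {
                    incr len -1
                    # Persist on the part of the cookie before the "@"
                    log local0. "Data Persisting on: [getfield $msrdp "@" 1]"
                    persist uie [getfield $msrdp "@" 1]
                }
            } else { persist uie $msrdp }
        }
        TCP::release
    }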
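
The 9-character limit mentioned in the post, worked through offline as an added example (not part of the original post and not F5 code): it builds constructed RDP connection requests, extracts the `mstshash` cookie from the same byte offsets the iRule uses, and reports which usernames end up sharing one persistence key. The function names are hypothetical, the client-side truncation to 9 characters is taken from the post as an assumption, and the key here is cut at the end of the cookie line.

```python
import struct

COOKIE_PREFIX = b"cookie: mstshash="
X224_HEADER_LEN = 11   # 4-byte TPKT header + 7-byte X.224 Connection Request
CLIENT_COOKIE_MAX = 9  # assumption from the post: the cookie holds 9 characters


def build_connection_request(username):
    """Constructed sample: the first packet an RDP client sends for `username`."""
    cookie = b"Cookie: mstshash=" + username[:CLIENT_COOKIE_MAX].encode("ascii") + b"\r\n"
    neg_req = bytes([0x01, 0x00, 0x08, 0x00, 0x01, 0x00, 0x00, 0x00])  # RDP_NEG_REQ
    body = cookie + neg_req
    x224 = bytes([6 + len(body), 0xE0, 0, 0, 0, 0, 0])  # LI, CR, dst-ref, src-ref, class
    return struct.pack(">BBH", 3, 0, 4 + len(x224) + len(body)) + x224 + body


def persistence_key(payload):
    """Return the key to persist on, or None if no complete cookie is present."""
    data = payload[X224_HEADER_LEN:]
    if data[:len(COOKIE_PREFIX)].lower() != COOKIE_PREFIX:
        return None
    value = data[len(COOKIE_PREFIX):]
    end = value.find(b"\n")
    if end == -1:
        return None  # cookie line incomplete: the iRule collects more data here
    value = value[:end].rstrip(b"\r").decode("ascii", "replace")
    # Same split as the iRule: keep only the part before "@" when one is present
    return value.split("@", 1)[0] if "@" in value else value


def colliding_users(usernames):
    """Group usernames by persistence key and keep the keys shared by several users."""
    groups = {}
    for name in usernames:
        key = persistence_key(build_connection_request(name))
        groups.setdefault(key, []).append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed usernames; the first two differ only after the 9th character
    print(colliding_users(["administrator1", "administrator2", "bob@corp", "alice"]))
```

Running the same grouping over a real user list before enabling persistence shows which accounts would share a persistence record.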