Configuring file extraction to write files in a directory when reading pcap files

[lagoon7]

Hello I am trying to also use this plugin however I can't get it to create a directory like ./extracted-files to put them in when I am reading a cap file. Do I also need the base policy extract-all-files? I do like the fact that I can add mime types arrays. Where can I specify the output path and directory?

I am using bro 2.5.1 and the current github version of bro.

Thanks for working this.

[hosom]

Sorry for the slow response.

You should be able to just load one of the plugin scripts ad-hoc to make this happen:

bro -r foo.pcap file-extraction/plugins/extract-all-files.bro

This will create a directory called extracted_files and extract all of the files to that directory.

[hosom]

Did the above help with your issue?

[blacktop]

@hosom is there something I can add to local.bro that will also enable "extract-all" ?

[hosom]

@load <path-to-plugin>/scripts/plugins/extract-all-files

…

On Sat, Apr 27, 2019 at 11:59 AM blacktop ***@***.***> wrote: @hosom <https://github.com/hosom> is there something I can add to local.bro that will also enable "extract-all" ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#6 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABGI53BJ46FCFEI6FG7BXCDPSRZ4RANCNFSM4ECSWCIA> .