I have to implement a dsniff version for bro as my final year project. So I started by writing bro scripts where I use protocol events that were implemented by Bro. The thing is Bro didn't implement events for all the protocols and LDAP is one of protocol that suffer from absence of events in BRO. So I was wondering what is the best way to achieve this. I mean : Do I need to add dissectors and events for theses protocols, or do I need to use some functionality of that I missed? (I'm newbie in Bro)
Thank you very much for your help.
For others that want to do the same as me, there's no analyser implemented for ldap. But this not a big problem because there's a handfull tool that helps us to write, simply and easily, analysers of protocols that uses Tcp or UDP as transport layed. This tools is called Binpac. Here's a link of a quickstart up: https://www.youtube.com/watch?v=1eDIl9y6ZnM. And for people who wanted to know what we have managed to do for the project Bro-Dsniff, here's the link of git : https://github.com/rsabir/bro-dsniff