SSL Profiling in Bro
I wrote profiling applications over SSL recently and this is my attempt at doing so in Bro. I haven't written a Bro script before this one so I'm betting I've got a bunch of things wrong here. The code comes in two parts. The first is the main script which has the core logic. The second part is the "local" script which defines the application profiles you are interested in.
The Main Script
@load base/protocols/conn @load base/protocols/ssl @load base/frameworks/notice