smtp-url.bro not parsing URLs correctly #4
Description
Hi, I've tried to use one of your Bro scripts (smtp-url.bro). I've basically captured my SMTP communication which has sent 10 emails (pure lorem ipsums with some embedded links). When I have run Bro on the pcap file with your script and I have noticed that the links embedded in the mails were not parsed correctly. The preview of the content of the url column of the resulting smtp_url_links.log is attached below:
http://anaahem.com/DROPBOX/dropbox/dropbox/index.php orci sollicitudin
http://icloud9712.com/ nulla felis, dignissim id finibus eu, maximus sed
https://purchase-payments.no.com/webapps/60c2f/ ultricies mauris porttitor.
https://purchase-payments.no.com/webapps/60c2f/ aliquet vel.
http://cnttststsak.tk/ congue semper eros, vitae
As you can see, the parsed URLs contain more tokens then they should. As in this case the optimal result would look something like:
http://anaahem.com/DROPBOX/dropbox/dropbox/index.php
http://icloud9712.com/
https://purchase-payments.no.com/webapps/60c2f/
https://purchase-payments.no.com/webapps/60c2f/
http://cnttststsak.tk/
Please, would you know how to fix this problem? Thanks for the good job, btw :).