/libhtp

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.

Primary LanguageC++BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

LibHTP
============================================================================
Copyright 2009-2010 Open Information Security Foundation
Copyright 2010-2013 Qualys, Inc.
============================================================================

LibHTP is a security-aware parser for the HTTP protocol and the related bits
and pieces. The goals of the project, in the order of importance, are as
follows:

 1. Completeness of coverage; LibHTP must be able to parse virtually all
    traffic that is found in practice.

 2. Permissive parsing; LibHTP must never fail to parse a stream that would
    be parsed by some other web server.

 3. Awareness of evasion techniques; LibHTP must be able to detect and
    effectively deal with various evasion techniques, producing, where
    practical, identical or practically identical results as the web
    server processing the same traffic stream.

 4. Performance; The performance must be adequate for the desired tasks.
    Completeness and security are often detrimental to performance. Our
    idea of handling the conflicting requirements is to put the library
    user in control, allowing him to choose the most desired library
    characteristic.

 | IMPORTANT   LIBHTP IS NOT YET CONSIDERED STABLE. USE AT YOUR OWN RISK. DO NOT
 |             USE IN PRODUCTION. WORK IS CURRENTLY UNDER WAY TO ENSURE THAT
 |             LIBHTP IS SECURE AND THAT IT PERFORMS WELL.

 | STATUS      LIBHTP IS VERY YOUNG AT THIS POINT. IT WILL BE SOME TIME BEFORE
 |             IT CAN BE CONSIDER COMPLETE. AT THE MOMENT, THE FOCUS OF DEVELOPMENT
 |             IS ON ACHIEVING THE FIRST TWO GOALS.

See the LICENSE, COPYING and NOTICE files distributed with this work for
information regarding licensing, copying and copyright ownership.


INSTALLATION
------------

Assuming you're using an already packaged version of LibHTP, the installation
process should be as simple as:

  $ sudo chmod u+x autogen.sh
  $ ./autogen.sh
  $ ./configure
  $ make
  $ sudo make install

If you've retrieved your LibHTP directly from the repository, you will need
to perform the following steps first:

 1. Update the version number in VERSION.

 2. Run autogen.sh, which will update the build system.



DOCUMENTATION
-------------

The best documentation at this time is the code itself and the Doxygen output (which
should be all right). There's also a quick start guide in the doc/ folder, which
should give you enough information to get going.


LICENSE
-------

LibHTP is licensed under the BSD 3-Clause license (also known as "BSD New" and
"BSD Simplified".) The complete text of the license is enclosed in the file LICENSE.