Shellshock over HTTP Bundle, DE Compatible

bundle

#1

###Bundle details and download
https://www.extrahop.com/bundles/ryanc/shellshock-over-http/

###Description
I think we’ve all read about the Shellshock Bash vulnerability by now. In case you haven’t, I encourage you to read this great post by Troy Hunt titled Everything you need to know about the Shellshock Bash Bug.

This nasty bug has many attack vectors, but we are going to focus on arguably the most widespread one: HTTP. Getting an ExtraHop appliance to detect attempts at exploiting this bug over HTTP is not difficult, and so I made a bundle to do just that. This bundle adds an AI Trigger to record whenever an HTTP Header containing an exploit attempt is observed and stores both the client and server IP so you know where it came from and where it was destined; a Custom Page to chart these attempts over time; and an Alert to let you know when a attempt is made.