From 5ca515c4bf7d209e3aef17cb91d922976be9af94 Mon Sep 17 00:00:00 2001
From: qux-bbb <1147635419@qq.com>
Date: Sat, 4 Jul 2020 16:25:03 +0800
Subject: [PATCH 1/2] Update network_http.py

Some HTTP requests only have request but not response, so http section is better.
---
 modules/signatures/network/network_http.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/signatures/network/network_http.py b/modules/signatures/network/network_http.py
index ee596f8a..b7197f9b 100644
--- a/modules/signatures/network/network_http.py
+++ b/modules/signatures/network/network_http.py
@@ -28,12 +28,10 @@ class NetworkHTTP(Signature):
 ]
 
 def on_complete(self):
-for http in getattr(self, "get_net_http_ex", lambda: [])():
+for http in self.get_net_http():
 if http["host"] in self.host_safelist:
 continue
-self.mark_ioc("request", "%s %s://%s%s" % (
-http["method"], http["protocol"], http["host"], http["uri"],
-))
+self.mark_ioc("request", "%s %s" % (http["method"], http["uri"]))
 
 return self.has_marks()
 

From 4118ffb50d3d81d12b987687ee14a1c13b2fd39e Mon Sep 17 00:00:00 2001
From: qux-bbb <1147635419@qq.com>
Date: Fri, 17 Jul 2020 12:30:24 +0800
Subject: [PATCH 2/2] Update network_http.py

add some https requests
---
 modules/signatures/network/network_http.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/signatures/network/network_http.py b/modules/signatures/network/network_http.py
index b7197f9b..5b4b56bd 100644
--- a/modules/signatures/network/network_http.py
+++ b/modules/signatures/network/network_http.py
@@ -29,9 +29,14 @@ class NetworkHTTP(Signature):
 
 def on_complete(self):
 for http in self.get_net_http():
-if http["host"] in self.host_safelist:
+if http["host"].endswith(self.exclude_domain_tails):
 continue
-self.mark_ioc("request", "%s %s" % (http["method"], http["uri"]))
+for http in self.get_net_generic("https_ex"):
+if http["host"].endswith(self.exclude_domain_tails):
+continue
+self.mark_ioc("request", "%s %s://%s%s" % (
+http["method"], http["protocol"], http["host"], http["uri"],
+))
 
 return self.has_marks()
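Review bot: The plain-HTTP loop no longer marks anything: the removed `self.mark_ioc("request", "%s %s" % (http["method"], http["uri"]))` was the only call that recorded `get_net_http()` entries, and the only `mark_ioc` left sits in the `https_ex` loop, so the HTTP-only requests that patch 1/2 set out to capture are now silently dropped. Because the collapsed hunk loses indentation I cannot tell whether the `https_ex` loop is nested inside the HTTP loop or follows it; if nested, it also reuses the name `http` and would re-mark the same HTTPS entries once per HTTP entry, and would mark nothing at all when the `http` section is empty. Restoring the `mark_ioc` line after the first `continue` and giving the second loop its own variable name (e.g. `for https in self.get_net_generic("https_ex"):`) fixes both readings. Separately, `str.endswith` accepts only a `str` or a tuple, so `exclude_domain_tails`, whose definition is outside the hunk, must be a tuple rather than a list or the check raises `TypeError` on the first request; `on_complete` starts and ends within this hunk.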