alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Possible BeEF HTTP Headers Inbound"; flow:established,from_server; http.header; content:"Content-Type|3a 20|text/javascript|0d 0a|Server|3a 20|Apache/2.2.3 (CentOS)|0d 0a|Pragma|3a|"; fast_pattern; depth:69; content:"|0d 0a|Expires|3a 20|0|0d 0a|"; http.header_names; content:!"Set-Cookie|0d 0a|"; content:!"X-Powered-By|0d 0a|"; classtype:attempted-user; sid:2024421; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2017_06_23, deployment Perimeter, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2020_11_05;)