PAS-15: SMTP Credential Handling

Issue Information

Issue Type: Task
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Unresolved
Affects Version: 0.1,
Target version: 0.1,
Components: Mail ,

Created: 2015-11-26 16:11:39
Time Spent Working

As of commit 8c5128 ( View Commit ) the script will extract and record any HTTP Basic auth credentials observed.

It'd be good to do the same for SMTP Plain, though as we're not really handling mail connections at the moment a tshark run will need to be introduced.

Issue Links

Toggle State Changes


This is fairly simple to set up, we should just need to extract smtp.auth.password where smtp.req.command=="AUTH" and the parse it to see if it's plain.

That said, as I want to do some mail related stuff anyway, I'm going to raise a blocking issue to implement SMTP support. Whilst this is quick and easy to drop in, I'll likely only end up needing to re-structure later when putting the other SMTP stuff in