##########################################################################################
PAS-15: SMTP Credential Handling
##########################################################################################

Issue Type: Task
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major
Status: Open
Resolution: Unresolved
Project: PCAP Analysis Script (PAS)
Reported By: btasker
Assigned To: btasker

Components:
    - Mail

Affected Versions:
    - 0.1

Targeted for fix in version:
    - 0.1

Time Estimate: 0 minutes
Time Logged: 0 minutes
-----------------------------------------------------------------------------------------

Issue Description
==================

As of commit 8c5128 ( https://github.com/bentasker/PCAPAnalyseandReport/commit/78c5128433edaa9cd3808808276f65ab24bee491 ) the script will extract and record any HTTP Basic auth credentials observed.

It'd be good to do the same for SMTP Plain, though as we're not really handling mail connections at the moment a tshark run will need to be introduced.

-----------------------------------------------------------------------------------------

Issue Relations
================

    - is blocked by PAS-20: Mail Handling

-----------------------------------------------------------------------------------------

Activity
==========

-----------------------------------------------------------------------------------------
2015-11-27 12:39:23 btasker
-----------------------------------------------------------------------------------------

This is fairly simple to set up, we should just need to extract smtp.auth.password where smtp.req.command=="AUTH" and then parse it to see if it's plain.

That said, as I want to do some mail related stuff anyway, I'm going to raise a blocking issue to implement SMTP support. Whilst this is quick and easy to drop in, I'll likely only end up needing to re-structure later when putting the other SMTP stuff in.
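
The parsing step described in the comment above (deciding whether an observed AUTH value is SASL PLAIN and splitting it into its fields), as an added example that is not part of the original issue or the PAS code base. The tab-separated row layout, the function names and the sample values are assumptions constructed for illustration; the PLAIN message layout follows RFC 4616.

```python
import base64
import binascii
from typing import NamedTuple, Optional

class PlainCredential(NamedTuple):
    authzid: str   # authorization identity, usually empty
    authcid: str   # authentication identity (the username)
    password: str

def decode_sasl_plain(value: str) -> Optional[PlainCredential]:
    """Return the credential if value is a SASL PLAIN message, else None."""
    parts = value.split()
    # Accept the bare base64 response or "PLAIN <response>" (assumed inputs).
    if len(parts) == 2 and parts[0].upper() == "PLAIN":
        parts = parts[1:]
    if len(parts) != 1:
        return None
    try:
        raw = base64.b64decode(parts[0], validate=True)
    except (binascii.Error, ValueError):
        return None
    fields = raw.split(b"\x00")
    # RFC 4616: [authzid] NUL authcid NUL passwd. LOGIN values contain no NUL.
    if len(fields) != 3 or not fields[1] or not fields[2]:
        return None
    try:
        return PlainCredential(*(f.decode("utf-8") for f in fields))
    except UnicodeDecodeError:
        return None

def extract_plain_credentials(rows):
    """rows: 'command<TAB>value' lines, an assumed tshark -T fields layout."""
    found = []
    for row in rows:
        command, _, value = row.rstrip("\n").partition("\t")
        if command.upper() != "AUTH":
            continue
        cred = decode_sasl_plain(value)
        if cred is not None:
            found.append(cred)
    return found

# Constructed sample rows, not taken from a real capture.
SAMPLE_ROWS = [
    "EHLO\t",
    "AUTH\tAGFsaWNlAHMzY3JldA==",   # PLAIN: NUL alice NUL s3cret
    "AUTH\tYWxpY2U=",               # LOGIN-style value: "alice", no NULs
    "AUTH\tnot-base64!!",           # rejected by strict base64 validation
]
```
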