PAS-20: Mail Handling



Issue Information

Issue Type: New Feature
Priority: Major
Status: Open
Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Unresolved
Affects Version: 0.1
Target version: 0.1
Labels: Mail, SMTP

Created: 2015-11-27 12:41:55
Time Spent Working
Estimated: 90 minutes
Remaining: 90 minutes
Logged: 0 minutes


Description
TLS connections to mail servers are already captured, but plaintext ones aren't.

I haven't decided yet on exactly what information should be extracted, but a starting point would be to start building something similar to webtraffic.csv so there's a record of which mailservers were connected to (and EHLO names etc)

PAS-15 is interested in extracting SMTP Plain authentication strings, so it'd be helpful if the tempfile also included those somehow, as it'd save doing a separate tshark run.



Activity


btasker added 'Mail SMTP' to labels
I've implemented a fairly basic transaction list of all SMTP commands seen. The new CSV - mailtransactions.csv - is currently pretty SMTP specific, so may need some tweaking once POP3 and IMAP are added.

Repo: PCAPAnalyseandReport
Commit: 76d046483851fd6ca2d2e0c1b195b27cecdfadb5
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 13:56:03 2015 +0000
Commit Message: Implemented basic extraction of SMTP traffic. See PAS-20



Modified files:
Docs/Reports.md
PCAP_Analysis.sh






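As an added illustration (not code from the PAS script or this commit), the transaction list the description and the comment above call for could be built like this from the client side of a plaintext SMTP session: each verb becomes one record, the DATA body is skipped so quoted text inside a message is not mistaken for a command, and an AUTH PLAIN exchange (blob inline or sent on the following line) is recorded with the username only, so the CSV can show that credentials crossed the wire in the clear without storing the password. The session, hosts and credentials are constructed; the (src, dst, line) shape is an assumption about what a tshark pass would hand the script.

```python
import base64
import re

# Constructed sample: client side of one plaintext SMTP session as (src, dst, line)
# tuples, roughly what a tshark pass over a capture yields. Credentials are invented.
_SASL = base64.b64encode(b"\0alice@example.org\0hunter2").decode()
SAMPLE_SESSION = [("10.0.0.5", "192.0.2.25", l) for l in (
    "EHLO laptop.example", "AUTH PLAIN", _SASL,   # bare AUTH PLAIN: blob on next line
    "MAIL FROM:<alice@example.org>", "RCPT TO:<bob@example.net>",
    "DATA", "RCPT TO: body text, not a command", ".", "QUIT")]

_CMD = re.compile(r"^([A-Za-z]{4})(?:[\s:]+(.*))?$")   # SMTP verb plus optional argument

def auth_plain_user(blob):
    """Authentication identity from a base64 SASL PLAIN blob (authzid\\0authcid\\0passwd).
    The password is dropped on purpose: record that credentials went in the clear, never the secret."""
    try:
        parts = base64.b64decode(blob, validate=True).split(b"\0")
    except (ValueError, TypeError):
        return None
    return parts[1].decode("utf-8", "replace") if len(parts) == 3 else None

def smtp_transactions(session):
    """Turn session lines into (src, dst, command, argument, note) records for the CSV."""
    rows, want_sasl, in_data = [], False, False
    for src, dst, line in session:
        blob = None
        if in_data:                        # message body runs until the lone "."
            in_data = line != "."
            continue
        if want_sasl:                      # previous line was a bare AUTH PLAIN
            blob, want_sasl = line, False
        elif (m := _CMD.match(line)) is None:
            continue                       # not an SMTP verb: ignore
        else:
            cmd, arg = m.group(1).upper(), (m.group(2) or "").strip()
            if cmd == "AUTH" and arg.upper().startswith("PLAIN"):
                blob = arg[5:].strip()
                want_sasl = not blob       # no inline blob: the client sends it next
            else:
                in_data = cmd == "DATA"
                rows.append((src, dst, cmd, arg, ""))
        if blob:
            rows.append((src, dst, "AUTH", "PLAIN user=" + (auth_plain_user(blob) or "?"),
                         "plaintext-credentials"))
    return rows
```

The returned tuples can be handed straight to csv.writer to produce a mailtransactions-style file.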