[Bro] extract smtp objects

erik clark philosnef at gmail.com
Fri Oct 28 07:23:25 PDT 2016


For reference, I am probably going to run an edited version of

https://people.eecs.berkeley.edu/~mavam/teaching/cs161-sp11/mime-attachment.bro

to extract attachments, but it doesn't seem to help me too much in getting
the entire smtp transaction into a file. :)

Thanks!

erik

On Fri, Oct 28, 2016 at 9:43 AM, erik clark <philosnef at gmail.com> wrote:

> How can I extract an entire email, and split the attachments out into
> separate files in Bro?
>
> Specifically, I want the entire smtp _transaction_ (not just the body of
> the email, but headers as well) in a file, and then the the attachments in
> the smtp body extracted as well. Not sure how to go about this.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161028/c0388e53/attachment.html 


More information about the Bro mailing list