[Bro] extract smtp objects

erik clark philosnef at gmail.com
Fri Oct 28 08:25:55 PDT 2016


Sorry for the clutter. I did this a different way with extract from file
analyzer. I will just script some glue with conn.log, smtp.log, and fuid. I
had originally wanted to scrape the data out of the raw smtp message (and
would still prefer to do that) with other tools entirely, so if someone has
a way to do that, that would be fantastic. :)

On Fri, Oct 28, 2016 at 11:04 AM, erik clark <philosnef at gmail.com> wrote:

> Actually, the linked script doesn't work with 2.5 at all. Is there an
> up-to-date version of this that is out in the public domain somewhere?
>
> On Fri, Oct 28, 2016 at 10:23 AM, erik clark <philosnef at gmail.com> wrote:
>
>> For reference, I am probably going to run an edited version of
>>
>> https://people.eecs.berkeley.edu/~mavam/teaching/cs161-sp11/mime-attachment.bro
>>
>> to extract attachments, but it doesn't seem to help me too much in
>> getting the entire smtp transaction into a file. :)
>>
>> Thanks!
>>
>> erik
>>
>> On Fri, Oct 28, 2016 at 9:43 AM, erik clark <philosnef at gmail.com> wrote:
>>
>>> How can I extract an entire email, and split the attachments out into
>>> separate files in Bro?
>>>
>>> Specifically, I want the entire smtp _transaction_ (not just the body of
>>> the email, but headers as well) in a file, and then the attachments in
>>> the smtp body extracted as well. Not sure how to go about this.
>>>
>>
>>
>
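
The glue described at the top of this message (tying smtp.log to the files written by the file extraction analyzer through fuid) could look like the following. This is an added example, not code from the thread; it assumes Bro's default tab-separated ASCII logs with the `fuids` column in smtp.log and the `fuid`, `conn_uids`, `source` and `extracted` columns in files.log, and every log line in it is constructed.

```python
# Constructed sample logs in Bro's tab-separated ASCII format, trimmed to the
# columns this glue needs; uids, fuids and file names are made up.
SMTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tmailfrom\tsubject\tfuids",
    "1477668355.0\tCabc123\talice@example.com\tinvoice\tFaaa111,Fbbb222",
    "1477668400.0\tCdef456\tcarol@example.com\thello\t(empty)",
])
FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tfuid\tconn_uids\tsource\tmime_type\textracted",
    "1477668355.1\tFaaa111\tCabc123\tSMTP\ttext/plain\t-",
    "1477668355.2\tFbbb222\tCabc123\tSMTP\tapplication/pdf\textract-Fbbb222.pdf",
])

def read_bro_log(text):
    """Parse a Bro ASCII log; column names come from the '#fields' header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def split_set(value):
    """Bro writes '-' for unset and '(empty)' for an empty set or vector."""
    return [] if value in ("-", "(empty)") else value.split(",")

def attachments_by_message(smtp_text, files_text):
    """For each smtp.log row, list the extracted files its fuids point to."""
    files = {row["fuid"]: row for row in read_bro_log(files_text)}
    result = []
    for msg in read_bro_log(smtp_text):
        extracted = []
        for fuid in split_set(msg["fuids"]):
            f = files.get(fuid)
            # Keep only files seen over SMTP on this connection and written to disk.
            if (f and f["source"] == "SMTP" and f["extracted"] != "-"
                    and msg["uid"] in split_set(f["conn_uids"])):
                extracted.append(f["extracted"])
        result.append({"uid": msg["uid"], "mailfrom": msg["mailfrom"],
                       "subject": msg["subject"], "extracted": extracted})
    return result

if __name__ == "__main__":
    for entry in attachments_by_message(SMTP_LOG, FILES_LOG):
        print(entry)
```
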