[Bro] extract smtp objects

erik clark philosnef at gmail.com
Fri Oct 28 08:04:10 PDT 2016


Actually, the linked script doesn't work with 2.5 at all. Is there an
up-to-date version of this that is out in the public domain somewhere?

On Fri, Oct 28, 2016 at 10:23 AM, erik clark <philosnef at gmail.com> wrote:

> For reference, I am probably going to run an edited version of
>
> https://people.eecs.berkeley.edu/~mavam/teaching/cs161-sp11/mime-attachment.bro
>
> to extract attachments, but it doesn't seem to help me too much in getting
> the entire smtp transaction into a file. :)
>
> Thanks!
>
> erik
>
> On Fri, Oct 28, 2016 at 9:43 AM, erik clark <philosnef at gmail.com> wrote:
>
>> How can I extract an entire email, and split the attachments out into
>> separate files in Bro?
>>
>> Specifically, I want the entire smtp _transaction_ (not just the body of
>> the email, but headers as well) in a file, and then the attachments in
>> the smtp body extracted as well. Not sure how to go about this.
>>
>
>