[Bro] extract smtp objects
philosnef at gmail.com
Fri Oct 28 08:25:55 PDT 2016
Sorry for the clutter. I did this a different way with extract from file
analyzer. I will just script some glue with conn.log, smtp.log, and fuid. I
had originally wanted to scrape the data out of the raw smtp message (and
would still prefer to do that) with other tools entirely, so if someone has
a way to do that, that would be fantastic. :)
On Fri, Oct 28, 2016 at 11:04 AM, erik clark <philosnef at gmail.com> wrote:
> Actually, the linked script doesn't work with 2.5 at all. Is there an up to
> date version of this that is out in the public domain somewhere?
> On Fri, Oct 28, 2016 at 10:23 AM, erik clark <philosnef at gmail.com> wrote:
>> For reference, I am probably going to run an edited version of
>> to extract attachments, but it doesn't seem to help me too much in
>> getting the entire smtp transaction into a file. :)
>> On Fri, Oct 28, 2016 at 9:43 AM, erik clark <philosnef at gmail.com> wrote:
>>> How can I extract an entire email, and split the attachments out into
>>> separate files in Bro?
>>> Specifically, I want the entire smtp _transaction_ (not just the body of
>>> the email, but headers as well) in a file, and then the attachments in
>>> the smtp body extracted as well. Not sure how to go about this.
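The glue described in the latest message, as an added example that is not part of the original thread: it joins smtp.log to files.log on the fuid values so each message lists the files Bro recorded for it and where they were extracted. The embedded log lines are constructed and carry only a subset of the real columns; the `uid` in each result is the key for the matching conn.log row.

```python
# Added example: join smtp.log to files.log on fuid (sample data is constructed).
SMTP_LOG = """#separator \\x09
#fields\tts\tuid\tmailfrom\tsubject\tfuids
1477668355.0\tCsmtpA1\talice@example.com\tInvoice\tFa1,Fa2
1477668400.0\tCsmtpB2\tbob@example.com\tHello\t-
1477668460.0\tCsmtpC3\tcarol@example.com\tReport\tFc1
"""
FILES_LOG = """#separator \\x09
#fields\tts\tfuid\tconn_uids\tsource\tmime_type\tfilename\textracted
1477668355.1\tFa1\tCsmtpA1\tSMTP\ttext/plain\t-\t-
1477668355.2\tFa2\tCsmtpA1\tSMTP\tapplication/pdf\tinvoice.pdf\textract-Fa2.pdf
"""

UNSET = ("-", "(empty)")  # Bro's default unset / empty field markers


def read_bro_log(text):
    """Parse a Bro TSV log into dicts keyed by the #fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def files_per_message(smtp_text, files_text):
    """Map each SMTP message to the files Bro saw in it, via the fuids column."""
    by_fuid = {f["fuid"]: f for f in read_bro_log(files_text)}
    result = []
    for msg in read_bro_log(smtp_text):
        fuids = [] if msg["fuids"] in UNSET else msg["fuids"].split(",")
        files = []
        for fuid in fuids:
            f = by_fuid.get(fuid)  # None when files.log has no row for this fuid
            path = None if f is None or f["extracted"] in UNSET else f["extracted"]
            files.append({"fuid": fuid,
                          "mime_type": f["mime_type"] if f else None,
                          "extracted": path})
        result.append({"uid": msg["uid"], "mailfrom": msg["mailfrom"], "files": files})
    return result


if __name__ == "__main__":
    for m in files_per_message(SMTP_LOG, FILES_LOG):
        print(m["uid"], m["mailfrom"], [(f["fuid"], f["extracted"]) for f in m["files"]])
```

This lists extracted entities per message only; it does not reconstruct the raw SMTP transaction that the original question asks for.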