def run(): foo = EmlServer(('127.0.0.1', 1025), None) # logger.info("SMTP server started...") logger.info("SMTP Server Started: {}: {}".format('127.0.0.1', 1025)) try: asyncore.loop() except KeyboardInterrupt: pass
def process_message(self, peer, mailfrom, rcpttos, data, **kwargs): # def process_message(self, peer, mailfrom, rcpttos, data, kwargs): filename = '%s-%d.eml' % (datetime.now().strftime('%Y%m%d%H%M%S'), self.no) filename = 'inbox/' + filename # print(filename) f = open(filename, 'w') f.write(data.decode()) logger.info("Email saved as: {}".format(filename)) self.no += 1
def send_list_command_to_gmail(self, list_command): try: for str_command in list_command: byte_command = str_command.encode() logger.info("Bot --> Gmail: {}".format(byte_command)) self.gmail_client_socket.sendall(byte_command) time.sleep(0.1) del list_command[:] except Exception as e: logger.error("Gmail client closed with exception: {}".format(e))
def send_to_gmail(self, data): logger.debug("Previous command: {}".format(self.command)) logger.info("Thunderbird --> Gmail: {}".format(data)) command_str = data.decode() try: if self.command != 'append': command_as_list = command_str.rstrip().split() self.tag = command_as_list[0] self.command = command_as_list[1] if self.command == 'append': pass elif self.command == 'UID' and command_as_list[2] == 'fetch': header_fetch_str = 'UID RFC822.SIZE FLAGS BODY.PEEK[HEADER.FIELDS' # body_fetch_str = 'UID RFC822.SIZE BODY.PEEK' body_fetch_str = 'UID RFC822.SIZE BODY' if header_fetch_str in command_str: self.fetch_header_tag = True elif body_fetch_str in command_str: self.fetch_body_tag = True logger.info("body tag set") else: pass else: pass else: # command is append if data != b'\r\n': self.command_data.append(command_str) logger.debug("command data in string: {}".format(self.command_data)) else: # end of append command # for time prev_time = datetime.datetime.now() is_recipient_vip, mail_object, to_address = cra.check_if_recipient_is_vip(self.command_data) if not is_recipient_vip: logger.info("To address: {} is not a vip, send it directly to gmail".format(to_address)) # self.send_list_command_to_gmail(self.command_data) else: self.command = '' del self.command_data[:] # this will send real email using mutated from address m.mutate_and_send(mail_object) curr_time = datetime.datetime.now() time_diff = curr_time - prev_time self.save_time_diff_in_file('mutation_time_MB_2.txt', time_diff.microseconds) logger.debug("Command and tags: {} and {}".format(self.command, self.tag)) logger.info("Data is sending to gmail: {}".format(data)) self.gmail_client_socket.sendall(data) except IndexError as e: logger.error("Gmail client closed with exception: {}".format(e))
import smtp_server from custom_log import logger HOST = '127.0.0.1' PORT = 1143 first_time = True bind_ip = HOST bind_port = PORT server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server.bind((bind_ip, bind_port)) server.listen(5) # max backlog of connections logger.info("IMAP Server Started: {}: {}".format(bind_ip, bind_port)) def handle_thunderbird_client_connection(thunderbird_client_socket, gmail_client): try: while True: response = thunderbird_client_socket.recv(1024) if not response: break else: gmail_client.send_to_gmail(response) except Exception as e: logger.error("Thunderbird client closed with exception: {}".format(e)) traceback.print_exc()
def send_raw_response_to_thinderbird(self, byte_response, additional_string=None): if additional_string is None: additional_string = "Gmail --> Thunderbird: {}" logger.info(additional_string.format(byte_response)) self.thunderbird_client_socket.send(byte_response)
def receive_and_send(self): logger.info("Gmail client is ready to receive and send back to ThunderBird") list_response = [] while True: try: r = self.gmail_client_socket.recv(1024) if not r: break; else: str_response = r.decode() logger.debug("String Response: {}".format(str_response)) capability = '* CAPABILITY IMAP4rev1 YESAUTH\r\n' + \ self.tag + ' OK Pre-login capabilities listed, post-login capabilities have more\r\n' if 'CAPABILITY' in str_response: if 'authenticated (Success)' not in str_response: str_response = capability else: str_response = self.tag + ' OK login (Success)\r\n' list_response.append(str_response) one_sentence_response = cra.get_one_sentence(list_response) if self.fetch_header_tag: if 'OK Success' in one_sentence_response: word_before_ok = self.previous_word('OK', one_sentence_response.split()) if self.tag == word_before_ok: self.fetch_header_tag = False logger.info("Fetched Email Header for analysis: {}".format(one_sentence_response)) from_address = cra.get_sender_email_address(one_sentence_response) logger.info("from_address: {}".format(from_address)) is_vip = cra.check_if_sender_vip(from_address) if is_vip: # self.threat_flag = True # self.flag_dict['threat_flag'] = True logger.info("From address: {} is VIP, will adding THREAT alert in subject".format( from_address)) one_sentence_response = cra.add_threat_in_subject(one_sentence_response) elif cra.check_if_sender_shadow(from_address): is_authentic, real_from_address = m.validate_sender(from_address, TO_ADDRESS) if is_authentic: logger.info("Mutation Authentication complete, will remove mutation id...") self.shadow_sender_address = from_address self.real_sender_address = real_from_address # self.will_remove_mutation_id = True self.flag_dict['remove_mutation_id_flag'] = True one_sentence_response = cra.remove_mutation_id(one_sentence_response, self.shadow_sender_address, self.real_sender_address) else: # self.threat_flag = True self.flag_dict['threat_flag'] = True logger.info("Mutation Authentication failed, adding THREAT alert") one_sentence_response = cra.add_threat_in_subject(one_sentence_response) else: pass self.flag_queue.put(self.flag_dict) else: continue # if self.fetch_body_tag: # if 'OK Success' in one_sentence_response: # word_before_ok = self.previous_word('OK', one_sentence_response.split()) # if self.tag == word_before_ok: # self.fetch_body_tag = False # if not self.flag_queue.empty(): # flag_dict = self.flag_queue.get() # threat_flag = flag_dict['threat_flag'] # remove_mutation_id_flag = flag_dict['remove_mutation_id_flag'] # if threat_flag: # one_sentence_response = cra.add_threat_in_subject(one_sentence_response) # if remove_mutation_id_flag: # one_sentence_response = cra.remove_mutation_id(one_sentence_response) # logger.info("mutation id removed...") # else: # continue if self.fetch_body_tag: if 'OK Success' in one_sentence_response: word_before_ok = self.previous_word('OK', one_sentence_response.split()) if self.tag == word_before_ok: self.fetch_body_tag = False logger.info("Fetched Complete Email for analysis: {}".format(one_sentence_response)) # can produce error # from_address = cra.get_sender_email_address(one_sentence_response) to_address, from_address, mail_object = cu.get_mail_from_str(one_sentence_response) logger.info("from_address: {}, to_address: {}".format(from_address, to_address)) # for time diff prev_time = datetime.datetime.now() is_vip = cra.check_if_sender_vip(from_address) if is_vip: # self.threat_flag = True # self.flag_dict['threat_flag'] = True logger.info("From address: {} is VIP, will adding THREAT alert in subject".format( from_address)) one_sentence_response = cra.add_threat_in_subject(one_sentence_response) # for time diff curr_time = datetime.datetime.now() time_diff = curr_time - prev_time self.save_time_diff_in_file('verification_time_MB_2.txt', time_diff.microseconds) elif cra.check_if_sender_shadow(from_address): is_authentic, real_from_address = m.validate_sender(from_address, to_address) if is_authentic: logger.info("Mutation Authentication complete, will remove mutation id...") # self.shadow_sender_address = from_address # self.real_sender_address = real_from_address # self.will_remove_mutation_id = True # self.flag_dict['remove_mutation_id_flag'] = True # one_sentence_response = cra.remove_mutation_id(one_sentence_response, # self.shadow_sender_address, # self.real_sender_address) one_sentence_response = cra.remove_mutation_id(one_sentence_response, from_address, real_from_address) else: # self.threat_flag = True # self.flag_dict['threat_flag'] = True logger.info("Mutation Authentication failed, adding THREAT alert") one_sentence_response = cra.add_threat_in_subject(one_sentence_response) # for time diff curr_time = datetime.datetime.now() time_diff = curr_time - prev_time self.save_time_diff_in_file('verification_time_MB_2.txt', time_diff.microseconds) else: pass # self.flag_queue.put(self.flag_dict) else: continue # one_sentence_response = cra.get_one_sentence(list_response) self.send_response_to_thinderbird(one_sentence_response) del list_response[:] # self.send_list_response_to_thinderbird(list_response) except BrokenPipeError as e: logger.error("ThunderBird Client socket is down: {}".format(e)) traceback.print_exc() return