RE: Sniffing email attachments

[Bill Higgins <bill.higgins () autodesk com>]

Attachments are Mime encoded, so you should be able to find the area within the encoding, extract that, and run it 
through a mime decoder.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sfmailsbm () gmail com
Sent: Monday, April 13, 2009 5:06 AM
To: security-basics () securityfocus com
Subject: Sniffing email attachments

Hi List,
We all know about sniffing email traffic which is unencrypted (both SMTP traffic and MAPI traffic - MS Exchange Server)

The mail body can be easily accessed from the network dumps, however what about the attachments in the email. is there 
an *easy* way/tool to reconstruct email attachments from the network dump?

thanks all for ur valuable feedback

Regards,
Ronish



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------