@albertzaharovits
Created September 29, 2015 11:21
Bro extract SMTP data (eml), cache in Redis
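@load base/protocols/conn
@load base/protocols/smtp
@load base/utils/exec

# Cache each SMTP message body in Redis db 2, keyed by "<uid>_<trans_depth>".
event mime_all_data(c: connection, length: count, data: string)
	{
	local conn_key: string;
	local cmd: string;
	# Only handle MIME data carried over SMTP.
	if ( ! c?$smtp )
		return;

	# uid and trans_depth identify this message within the SMTP connection.
	conn_key = cat(c$smtp$uid, "_", c$smtp$trans_depth);

	# Base64 keeps the payload free of shell metacharacters inside the quotes.
	# SETEX expires the entry after 259200 seconds (3 days).
	# The whole body is passed as one command-line argument, so a large
	# message can exceed the OS argument-size limit and fail to store.
	cmd = "/usr/bin/redis-cli -n 2 ";
	cmd = cat(cmd, "SETEX '", conn_key, "' 259200 '", encode_base64(data), "'");

	# Exec::run is asynchronous; its result is not inspected here.
	when ( local res = Exec::run([$cmd=cmd]) ) {}
	}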
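The key format `<uid>_<trans_depth>` uses the same two values that smtp.log records, so cached bodies can be joined back to log records during triage. The following Python sketch is an added example, not part of the gist; the reduced log excerpt, the dict standing in for Redis db 2, and the function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample: a reduced Bro smtp.log (real logs carry more columns).
SMTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\ttrans_depth\tmailfrom\trcptto",
    "1443525660.1\tCabc123\t1\talice@example.org\tbob@example.net",
    "1443525661.7\tCabc123\t2\talice@example.org\tcarol@example.net",
    "1443525700.2\tCdef456\t1\tmallory@example.com\tbob@example.net",
])

# Constructed stand-in for Redis db 2: key -> value as written by the script.
CACHE = {
    "Cabc123_1": base64.b64encode(b"Hello Bob,\r\nsee attached.\r\n").decode(),
    "Cdef456_1": "not*valid*base64",
}


def parse_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def correlate(log_text, cache):
    """Join smtp.log records to cached bodies on '<uid>_<trans_depth>'."""
    out = []
    for rec in parse_log(log_text):
        key = f"{rec['uid']}_{rec['trans_depth']}"
        value = cache.get(key)
        if value is None:
            status, digest, size = "missing", None, 0  # expired or never stored
        else:
            try:
                body = base64.b64decode(value, validate=True)
                status, size = "ok", len(body)
                digest = hashlib.sha256(body).hexdigest()
            except ValueError:  # binascii.Error is a ValueError subclass
                status, digest, size = "corrupt", None, 0
        out.append({"key": key, "mailfrom": rec["mailfrom"],
                    "status": status, "size": size, "sha256": digest})
    return out
```

A "missing" result covers both entries that passed the 259200-second TTL and messages whose SETEX call never succeeded, so it is worth tracking separately from "corrupt".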