Created
November 21, 2013 20:28
-
-
Save econchick/7589033 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "metadata": { | |
| "name": "" | |
| }, | |
| "nbformat": 3, | |
| "nbformat_minor": 0, | |
| "worksheets": [ | |
| { | |
| "cells": [ | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "from scapy.all import *" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [], | |
| "prompt_number": 1 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "sample_smtp = \"data/smtp.pcap\"\n", | |
| "packets = sniff(offline=sample_smtp)" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [], | |
| "prompt_number": 2 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "packets.nsummary()" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "output_type": "stream", | |
| "stream": "stdout", | |
| "text": [ | |
| "0000 Ether / IP / UDP / DNS Qry \"mail.patriots.in.\" \n", | |
| "0001 Ether / IP / UDP / DNS Ans \"patriots.in.\" \n", | |
| "0002 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp S\n", | |
| "0003 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact SA\n", | |
| "0004 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A\n", | |
| "0005 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0006 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0007 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0008 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0009 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0010 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0011 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0012 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0013 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0014 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0015 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0016 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0017 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0018 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0019 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0020 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0021 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0022 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0023 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0024 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0025 Ether / IP / ICMP 192.168.1.1 > 10.10.1.4 dest-unreach fragmentation-needed / IPerror / TCPerror / Raw\n", | |
| "0026 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0027 Ether / IP / ICMP 192.168.1.1 > 10.10.1.4 dest-unreach fragmentation-needed / IPerror / TCPerror / Raw\n", | |
| "0028 Ether / IP / ICMP 192.168.1.1 > 10.10.1.4 dest-unreach fragmentation-needed / IPerror / TCPerror / Raw\n", | |
| "0029 Ether / IP / ICMP 192.168.1.1 > 10.10.1.4 dest-unreach fragmentation-needed / IPerror / TCPerror / Raw\n", | |
| "0030 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0031 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0032 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0033 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0034 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0035 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0036 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0037 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0038 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0039 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0040 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0041 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0042 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0043 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A / Raw\n", | |
| "0044 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0045 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0046 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0047 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0048 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0049 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0050 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0051 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0052 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A\n", | |
| "0053 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp PA / Raw\n", | |
| "0054 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp FA\n", | |
| "0055 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact PA / Raw\n", | |
| "0056 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact FA / Padding\n", | |
| "0057 Ether / IP / TCP 10.10.1.4:uaiact > 74.53.140.153:smtp A\n", | |
| "0058 Ether / IP / TCP 74.53.140.153:smtp > 10.10.1.4:uaiact A / Padding\n", | |
| "0059 Ether / IP / UDP 10.10.1.20:netbios_dgm > 10.10.1.255:netbios_dgm / NBTDatagram / Raw\n" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 3 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "packets[11]" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 4, | |
| "text": [ | |
| "<Ether dst=00:1f:33:d9:81:60 src=00:e0:1c:3c:17:c2 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=70 id=9513 flags=DF frag=0L ttl=128 proto=tcp chksum=0xf3ac src=10.10.1.4 dst=74.53.140.153 options=[] |<TCP sport=uaiact dport=smtp seq=2126795718 ack=2934727424 dataofs=5L reserved=0L flags=PA window=65199 chksum=0x22a4 urgptr=0 options=[] |<Raw load='Z3VycGFydGFwQHBhdHJpb3RzLmlu\\r\\n' |>>>>" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 4 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "raw = packets[11].getlayer(Raw)" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [], | |
| "prompt_number": 5 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "raw" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 6, | |
| "text": [ | |
| "<Raw load='Z3VycGFydGFwQHBhdHJpb3RzLmlu\\r\\n' |>" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 6 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "load = raw.fields.get('load').split()[0]" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [], | |
| "prompt_number": 7 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "load" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 8, | |
| "text": [ | |
| "'Z3VycGFydGFwQHBhdHJpb3RzLmlu'" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 8 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "import base64\n", | |
| "base64.b64decode(load)" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 9, | |
| "text": [ | |
| "'gurpartap@patriots.in'" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 9 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "packets[12]\n", | |
| "raw = packets[12].getlayer(Raw)\n", | |
| "load = raw.fields.get('load')\n", | |
| "some_encoded_string = load.split(' ')[1]\n", | |
| "print some_encoded_string" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "output_type": "stream", | |
| "stream": "stdout", | |
| "text": [ | |
| "UGFzc3dvcmQ6\r\n", | |
| "\n" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 17 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "base64.b64decode(some_encoded_string) # only need the encoded part" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 18, | |
| "text": [ | |
| "'Password:'" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 18 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "raw = packets[13].getlayer(Raw)\n", | |
| "load = raw.fields.get('load').split()[0]\n", | |
| "print load" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "output_type": "stream", | |
| "stream": "stdout", | |
| "text": [ | |
| "cHVuamFiQDEyMw==\n" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 19 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "base64.b64decode(load) # what could this be?!?" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "metadata": {}, | |
| "output_type": "pyout", | |
| "prompt_number": 20, | |
| "text": [ | |
| "'punjab@123'" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 20 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "# ^^ a password! " | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [], | |
| "prompt_number": 21 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [ | |
| "def filter_packet_by_string(pkt, string):\n", | |
| " if pkt.haslayer(Raw):\n", | |
| " raw_load = pkt.getlayer(Raw).fields.get('load')\n", | |
| " if string in raw_load:\n", | |
| " print pkt.sprintf(\"\\n**QUERY FOUND:**\\nFrom {IP:%IP.src% -> %IP.dst%\\n}\")\n", | |
| " print raw_load\n", | |
| "\n", | |
| "for pkt in packets:\n", | |
| " filter_packet_by_string(pkt, 'attachment')" | |
| ], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "output_type": "stream", | |
| "stream": "stdout", | |
| "text": [ | |
| "\n", | |
| "**QUERY FOUND:**\n", | |
| "From 10.10.1.4 -> 74.53.140.153\n", | |
| "\n", | |
| "From: \"Gurpartap Singh\" <gurpartap@patriots.in>\r\n", | |
| "To: <raj_deol2002in@yahoo.co.in>\r\n", | |
| "Subject: SMTP\r\n", | |
| "Date: Mon, 5 Oct 2009 11:36:07 +0530\r\n", | |
| "Message-ID: <000301ca4581$ef9e57f0$cedb07d0$@in>\r\n", | |
| "MIME-Version: 1.0\r\n", | |
| "Content-Type: multipart/mixed;\r\n", | |
| "\tboundary=\"----=_NextPart_000_0004_01CA45B0.095693F0\"\r\n", | |
| "X-Mailer: Microsoft Office Outlook 12.0\r\n", | |
| "Thread-Index: AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==\r\n", | |
| "Content-Language: en-us\r\n", | |
| "x-cr-hashedpuzzle: SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=\r\n", | |
| "x-cr-puzzleid: {CAA37F59-1850-45C7-8540-AA27696B5398}\r\n", | |
| "\r\n", | |
| "This is a multipart message in MIME format.\r\n", | |
| "\r\n", | |
| "------=_NextPart_000_0004_01CA45B0.095693F0\r\n", | |
| "Content-Type: multipart/alternative;\r\n", | |
| "\tboundary=\"----=_NextPart_001_0005_01CA45B0.095693F0\"\r\n", | |
| "\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/plain;\r\n", | |
| "\tcharset=\"us-ascii\"\r\n", | |
| "Content-Transfer-Encoding: 7bit\r\n", | |
| "\r\n", | |
| "Hello\r\n", | |
| "\r\n", | |
| " \r\n", | |
| "\r\n", | |
| "I send u smtp pcap file \r\n", | |
| "\r\n", | |
| "Find the attachment\r\n", | |
| "\r\n", | |
| " \r\n", | |
| "\r\n", | |
| "GPS\r\n", | |
| "\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/html;\r\n", | |
| "\tcharset=\"us-ascii\"\r\n", | |
| "Content-Transfer-Encoding: quoted-printable\r\n", | |
| "\r\n", | |
| "<html xmlns:v=3D\"urn:schemas-microsoft-com:vml\" =\r\n", | |
| "xmlns:o=3D\"urn:schemas-microsoft-com:office:office\" =\r\n", | |
| "xmlns:w=3D\"urn:schemas-microso\n", | |
| "\n", | |
| "**QUERY FOUND:**\n", | |
| "From 10.10.1.4 -> 74.53.140.153\n", | |
| "\n", | |
| "\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Hello<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>I send u smtp pcap file <o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Find the attachment<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>GPS<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "</div>\r\n", | |
| "\r\n", | |
| "</body>\r\n", | |
| "\r\n", | |
| "</html>\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0--\r\n", | |
| "\r\n", | |
| "------=_NextPart_000_0004_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/plain;\r\n", | |
| "\tname=\"NEWS.txt\"\r\n", | |
| "Content-Transfer-Encoding: quoted-printable\r\n", | |
| "Content-Disposition: attachment;\r\n", | |
| "\tfilename=\"NEWS.txt\"\r\n", | |
| "\r\n", | |
| "Version 4.9.9.1\r\n", | |
| "* Many bug fixes\r\n", | |
| "* Improved editor\r\n", | |
| "\r\n", | |
| "Version 4.9.9.0\r\n", | |
| "* Support for latest Mingw compiler system builds\r\n", | |
| "* Bug fixes\r\n", | |
| "\r\n", | |
| "Version 4.9.8.9\r\n", | |
| "* New code tooltip display\r\n", | |
| "* Improved Indent/Unindent and Remove Comment\r\n", | |
| "* Improved automatic indent\r\n", | |
| "* Added support for the \"interface\" keyword\r\n", | |
| "* WebUpdate should now report installation problems from PackMan\r\n", | |
| "* New splash screen and association icons\r\n", | |
| "* Improved installer\r\n", | |
| "* Many bug fixes\r\n", | |
| "\r\n", | |
| "Version 4.9.8.7\r\n", | |
| "* Added support for GCC > 3.2\r\n", | |
| "* Debug variables are now resent during next debug session\r\n", | |
| "* Watched Variables not in correct context are now kept and updated when =\r\n", | |
| "it is needed\r\n", | |
| "* Added new compiler/linker options:=20\r\n", | |
| " - Strip executable\r\n", | |
| " - Generate instructions for a specific machine (i386, i486, i586, =\r\n", | |
| "i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4,=20\r\n", | |
| " k6, k6-2, k6-3\n", | |
| "\n", | |
| "**QUERY FOUND:**\n", | |
| "From 10.10.1.4 -> 74.53.140.153\n", | |
| "\n", | |
| "From: \"Gurpartap Singh\" <gurpartap@patriots.in>\r\n", | |
| "To: <raj_deol2002in@yahoo.co.in>\r\n", | |
| "Subject: SMTP\r\n", | |
| "Date: Mon, 5 Oct 2009 11:36:07 +0530\r\n", | |
| "Message-ID: <000301ca4581$ef9e57f0$cedb07d0$@in>\r\n", | |
| "MIME-Version: 1.0\r\n", | |
| "Content-Type: multipart/mixed;\r\n", | |
| "\tboundary=\"----=_NextPart_000_0004_01CA45B0.095693F0\"\r\n", | |
| "X-Mailer: Microsoft Office Outlook 12.0\r\n", | |
| "Thread-Index: AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==\r\n", | |
| "Content-Language: en-us\r\n", | |
| "x-cr-hashedpuzzle: SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=\r\n", | |
| "x-cr-puzzleid: {CAA37F59-1850-45C7-8540-AA27696B5398}\r\n", | |
| "\r\n", | |
| "This is a multipart message in MIME format.\r\n", | |
| "\r\n", | |
| "------=_NextPart_000_0004_01CA45B0.095693F0\r\n", | |
| "Content-Type: multipart/alternative;\r\n", | |
| "\tboundary=\"----=_NextPart_001_0005_01CA45B0.095693F0\"\r\n", | |
| "\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/plain;\r\n", | |
| "\tcharset=\"us-ascii\"\r\n", | |
| "Content-Transfer-Encoding: 7bit\r\n", | |
| "\r\n", | |
| "Hello\r\n", | |
| "\r\n", | |
| " \r\n", | |
| "\r\n", | |
| "I send u smtp pcap file \r\n", | |
| "\r\n", | |
| "Find the attachment\r\n", | |
| "\r\n", | |
| " \r\n", | |
| "\r\n", | |
| "GPS\r\n", | |
| "\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/html;\r\n", | |
| "\tcharset=\"us-ascii\"\r\n", | |
| "Content-Transfer-Encoding: quoted-printable\r\n", | |
| "\r\n", | |
| "<html xmlns:v=3D\"urn:schemas-microsoft-com:vml\" =\r\n", | |
| "xmlns:o=3D\"urn:schemas-microsoft-com:office:office\" =\r\n", | |
| "xmlns:w=3D\"urn:schemas\n", | |
| "\n", | |
| "**QUERY FOUND:**\n", | |
| "From 192.168.1.1 -> 10.10.1.4\n", | |
| "\n", | |
| "\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Hello<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>I send u smtp pcap file <o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Find the attachment<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>GPS<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "</div>\r\n", | |
| "\r\n", | |
| "</body>\r\n", | |
| "\r\n", | |
| "</html>\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0--\r\n", | |
| "\r\n", | |
| "------=_NextPart_000_0004_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/plain;\r\n", | |
| "\tname=\"NEWS.txt\"\r\n", | |
| "Content-Transfer-Encoding: quot\n", | |
| "\n", | |
| "**QUERY FOUND:**\n", | |
| "From 10.10.1.4 -> 74.53.140.153\n", | |
| "\n", | |
| "ass=3DSection1>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Hello<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>I send u smtp pcap file <o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>Find the attachment<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal><o:p> </o:p></p>\r\n", | |
| "\r\n", | |
| "<p class=3DMsoNormal>GPS<o:p></o:p></p>\r\n", | |
| "\r\n", | |
| "</div>\r\n", | |
| "\r\n", | |
| "</body>\r\n", | |
| "\r\n", | |
| "</html>\r\n", | |
| "\r\n", | |
| "------=_NextPart_001_0005_01CA45B0.095693F0--\r\n", | |
| "\r\n", | |
| "------=_NextPart_000_0004_01CA45B0.095693F0\r\n", | |
| "Content-Type: text/plain;\r\n", | |
| "\tname=\"NEWS.txt\"\r\n", | |
| "Content-Transfer-Encoding: quoted-printable\r\n", | |
| "Content-Disposition: attachment;\r\n", | |
| "\tfilename=\"NEWS.txt\"\r\n", | |
| "\r\n", | |
| "Version 4.9.9.1\r\n", | |
| "* Many bug fixes\r\n", | |
| "* Improved editor\r\n", | |
| "\r\n", | |
| "Version 4.9.9.0\r\n", | |
| "* Support for latest Mingw compiler system builds\r\n", | |
| "* Bug fixes\r\n", | |
| "\r\n", | |
| "Version 4.9.8.9\r\n", | |
| "* New code tooltip display\r\n", | |
| "* Improved Indent/Unindent and Remove Comment\r\n", | |
| "* Improved automatic indent\r\n", | |
| "* Added support for the \"interface\" keyword\r\n", | |
| "* WebUpdate should now report installation problems from PackMan\r\n", | |
| "* New splash screen and association icons\r\n", | |
| "* Improved installer\r\n", | |
| "* Many bug fixes\r\n", | |
| "\r\n", | |
| "Version 4.9.8.7\r\n", | |
| "* Added support for GCC > 3.2\r\n", | |
| "* Debug variables are now resent during next debug session\r\n", | |
| "* Watched Variables not in correct context are now kept and updated when =\r\n", | |
| "it is needed\r\n", | |
| "* Added new compiler/linker options:=20\r\n", | |
| " - Strip executable\r\n", | |
| " - Generate instructions for a specific machine (i386, i486, i586, =\r\n", | |
| "i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4\n" | |
| ] | |
| } | |
| ], | |
| "prompt_number": 24 | |
| }, | |
| { | |
| "cell_type": "code", | |
| "collapsed": false, | |
| "input": [], | |
| "language": "python", | |
| "metadata": {}, | |
| "outputs": [] | |
| } | |
| ], | |
| "metadata": {} | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment