Simple IMAP Account Verification in Python

November 22nd, 2014

imaplib is a great library for handling IMAP communication. It supports both plaintext IMAP and IMAP over SSL (IMAPS) with ease. Connecting to an IMAP server is achieved as follows:

import imaplib

host = "mx.sasdataservices.com"
port = 143
ssl = 0

try:
	if ssl:
		imap = imaplib.IMAP4_SSL(host, port)
	else:
		imap = imaplib.IMAP4(host, port)
	welcomeMsg = imap.welcome
	print "IMAP Banner: %s" %(welcomeMsg)
except:
	print "Connection Failed"
	quit()

This results in the following output: “IMAP Banner: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.” Now, to log in:

username="user@email.com"
password="password"

try:
	loginMsg = imap.login(username, password)
	print "Login Message: %s" %(loginMsg[1])
except:
	print "Login Failed"
	quit()

With acceptable credentials, the response is: “Login Message: [‘LOGIN Ok.’]”. Lastly, to print a list of all mailboxes in the account:

try:
	mBoxes = imap.list()
	for mBox in mBoxes[1]:
		print mBox
except:
	print "Couldn't get Mail Boxes"
quit()

Read the rest of this entry »

Some simple filtering and sniffing with tcpdump

December 15th, 2008

tcpdump is one of the best network debugging tools available. In it’s most basic form, it will print network traffic in terms of a source and destination address to the console, more advanced uses include printing out captured ASCII and simple but powerful filtering.

tcpdump -ieth0 -n
# Start tcpdump listening on interface eth0, and do not attempt to resolve IP addresses to hostnames ( -n ).

What we see is:

20:51:40.848211 IP 217.10.X.X.22 > 93.97.Y.Y.52381: P 76216:76364(148) ack 261 win 8576
20:51:40.853726 IP 93.97.Y.Y.52381 > 217.10.X.X.22: . ack 59548 win 16848

And this is repeated over and over. Now this is a feedback loop. As we are connected via port 22 (SSH), this loop will continue, and we must therefore filter it out:

tcpdump -ieth0 -n tcp port not 22

Now we can cleanly monitor traffic. What happens though if we want to view SSH traffic, but not our own?

tcpdump -ieth0 -n tcp port not 22 and host not 93.97.Y.Y

We can build this filter up as much as we wish. Let’s start watching HTTP (tcp port 80) traffic only:

tcpdump -ieth0 -n tcp port 80

Finally, let’s set the ‘snaplen’ to 1500 bytes, and print out the captured data in ASCII:

tcpdump -ieth0 -n tcp port 80 -A -s1500
20:56:25.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728
E..Mn @.@..w.
..Xn!..P….’@…P…3…HTTP/1.1 404 Not Found
Date: Mon, 15 Dec 2008 21:05:17 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13
Content-Length: 313
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.[HIDDEN].com Port 80</address>
</body></html>

And from this we can see all HTTP traffic. As you can see, it’s that easy to capture and decode plaintext traffic. We can do the same on port 110 (POP3):

Read the rest of this entry »