Simple IMAP Account Verification in Python

imaplib is a great library for handling IMAP communication. It supports both plaintext IMAP and IMAP over SSL (IMAPS) with ease. Connecting to an IMAP server is achieved as follows: import imaplib host = "" port = 143 ssl = 0 try: if ssl: imap = imaplib.IMAP4_SSL(host, port) else: imap = imaplib.IMAP4(host, port) welcomeMsg = imap.welcome print "IMAP Banner: %s" %(welcomeMsg) except: print "Connection Failed" quit() This results in the following output: “IMAP Banner: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information.” Now, to log in: username="" password="password" try: loginMsg = imap.login(username, password) print "Login Message: %s" %(loginMsg[1]) except: print "Login Failed" quit() With acceptable credentials, the response is: “Login Message: [‘LOGIN Ok.’]”. Lastly, to print a list of all mailboxes in the account: try: mBoxes = imap.list() for mBox in mBoxes[1]: print mBox except: print "Couldn’t get Mail Boxes" quit() […]

By | November 22nd, 2014|Python|0 Comments

Some simple filtering and sniffing with tcpdump

tcpdump is one of the best network debugging tools available. In it’s most basic form, it will print network traffic in terms of a source and destination address to the console, more advanced uses include printing out captured ASCII and simple but powerful filtering. tcpdump -ieth0 -n # Start tcpdump listening on interface eth0, and do not attempt to resolve IP addresses to hostnames ( -n ). What we see is: 20:51:40.848211 IP 217.10.X.X.22 > 93.97.Y.Y.52381: P 76216:76364(148) ack 261 win 8576 20:51:40.853726 IP 93.97.Y.Y.52381 > 217.10.X.X.22: . ack 59548 win 16848 And this is repeated over and over. Now this is a feedback loop. As we are connected via port 22 (SSH), this loop will continue, and we must therefore filter it out: tcpdump -ieth0 -n tcp port not 22 Now we can cleanly monitor traffic. What happens though if we want to view SSH traffic, but not our own? tcpdump -ieth0 -n tcp port not 22 and host not 93.97.Y.Y We can build this filter up as much as we wish. Let’s start watching HTTP (tcp port 80) traffic only: tcpdump -ieth0 -n tcp port 80 Finally, let’s set the ‘snaplen’ to 1500 bytes, and print out the captured data in ASCII: tcpdump -ieth0 -n tcp port 80 -A -s1500 20:56:25.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728 E..Mn @.@..w. ..Xn!..P….’@…P…3…HTTP/1.1 404 Not Found Date: Mon, 15 Dec 2008 21:05:17 GMT Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Content-Length: 313 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /favicon.ico was not found on this server.</p> <hr> <address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.[HIDDEN].com Port 80</address> </body></html> And from this we can see all HTTP traffic. As you can see, it’s that easy to capture and decode plaintext traffic. We can do the same on port 110 (POP3): […]

By | December 15th, 2008|Technology|2 Comments