Exemple #1
        /// <summary>
        /// Parses the MIME data in <paramref name="emailMimeStream"/>, records the headers of the
        /// first part (From, To, Subject, Message-ID, Date) and passes the whole stream to a
        /// <c>FileStreamAssembler</c> under a file name ending in ".eml".
        /// </summary>
        /// <remarks>
        /// Every header value read here comes from the parsed message and is therefore chosen by
        /// whoever sent the mail; treat it as untrusted. Two places deserve attention in review:
        /// the transcript file name is derived from the Subject or Message-ID header, so its
        /// safety rests entirely on <c>Utils.StringManglerUtil.ConvertToFilename</c>, and the
        /// charset header is passed to <c>Encoding.GetEncoding</c> with failures silently ignored.
        /// If the part enumeration yields nothing, no transcript is created.
        /// </remarks>
        /// <param name="emailMimeStream">Stream holding the MIME message; read through <c>Mime.UnbufferedReader</c> and later copied in full with <c>ToArray()</c>.</param>
        /// <param name="mainPacketHandler">Stored in <c>MainPacketHandler</c>; its <c>FileStreamAssemblerList</c> and <c>OnMessageAttachmentDetected</c> are used below.</param>
        /// <param name="tcpPacket">Supplies the frame number, timestamp and sequence number given to the assembler; also forwarded to <c>parseMultipart</c>.</param>
        /// <param name="transferIsClientToServer">Stored and forwarded to the assembler.</param>
        /// <param name="tcpSession">Supplies the five-tuple (<c>Flow.FiveTuple</c>) and, as a last resort, the hash code used in the fallback file name.</param>
        /// <param name="protocol">Smtp, Pop3 or Imap select the matching <c>fileTransferProtocol</c>; any other value leaves that field unassigned by this constructor.</param>
        /// <param name="fileAssmeblyRootLocation">Stored and forwarded to the assembler; defaults to <c>destination</c>.</param>
        public Email(System.IO.MemoryStream emailMimeStream, PacketHandler mainPacketHandler, Packets.TcpPacket tcpPacket, bool transferIsClientToServer, NetworkTcpSession tcpSession, ApplicationLayerProtocol protocol, FileTransfer.FileStreamAssembler.FileAssmeblyRootLocation fileAssmeblyRootLocation = FileTransfer.FileStreamAssembler.FileAssmeblyRootLocation.destination)
        {
            Mime.UnbufferedReader ur = new PacketParser.Mime.UnbufferedReader(emailMimeStream);
            this.MainPacketHandler = mainPacketHandler;
            this.protocol          = protocol;
            // Map the application-layer protocol to the file-stream type handed to the assembler.
            // There is no final else: for any other protocol fileTransferProtocol is not set here.
            if (this.protocol == ApplicationLayerProtocol.Smtp)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.SMTP;
            }
            else if (this.protocol == ApplicationLayerProtocol.Pop3)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.POP3;
            }
            else if (this.protocol == ApplicationLayerProtocol.Imap)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.IMAP;
            }
            //this.reassembleFileAtSourceHost = reassembleFileAtSourceHost;
            this.fileAssmeblyRootLocation = fileAssmeblyRootLocation;

            this.fiveTuple = tcpSession.Flow.FiveTuple;
            this.transferIsClientToServer = transferIsClientToServer;

            this.attachments = new List <FileTransfer.ReconstructedFile>();
            this.from        = null;
            this.to          = null;
            this.subject     = null;
            this.messageId   = null;
            this.date        = null;//Date: Fri, 1 Aug 2003 14:17:51 -0700
            // Declared outside the loop, so a part without a charset attribute is parsed with
            // whatever encoding an earlier part selected (or null if none did).
            Encoding customEncoding = null;

            System.Collections.Specialized.NameValueCollection rootAttributes = null;
            bool messageSentToPacketHandler = false;

            foreach (Mime.MultipartPart multipart in Mime.PartBuilder.GetParts(ur))  //I might need to add "ref customEncoding" as a parameter here
            {
                // Only the first part returned by GetParts provides the message-level headers.
                if (rootAttributes == null)
                {
                    from           = multipart.Attributes["From"];
                    to             = multipart.Attributes["To"];
                    subject        = multipart.Attributes["Subject"];
                    messageId      = multipart.Attributes["Message-ID"];
                    date           = multipart.Attributes["Date"];
                    rootAttributes = multipart.Attributes;
                }
                if (multipart.Attributes["charset"] != null)
                {
                    // The charset name is sender-controlled. An unknown or malformed name makes
                    // GetEncoding throw; the empty catch keeps parsing going but also hides the
                    // failure, leaving customEncoding at its previous value with no trace for an
                    // analyst. NOTE(review): consider recording the rejected charset name.
                    try {
                        customEncoding = Encoding.GetEncoding(multipart.Attributes["charset"]);
                    }
                    catch { }
                }
                // messageSentToPacketHandler is passed by ref; it is not read again in this constructor.
                this.parseMultipart(multipart, rootAttributes, tcpPacket, ref messageSentToPacketHandler, customEncoding, from, to, subject, messageId);
            }

            //create an .eml file with the whole DATA portion
            string emlFilename = null;

            // File name preference: Subject, then Message-ID, then a name built from the session hash.
            // Subject and Message-ID are untrusted header text, so nothing may reach the file name
            // except through ConvertToFilename. NOTE(review): that helper is not visible here;
            // confirm it removes path separators, "..", control characters and reserved device
            // names, and that the second argument (10) bounds the length.
            if (subject != null && subject.Length > 3)
            {
                emlFilename = Utils.StringManglerUtil.ConvertToFilename(subject, 10);

                /*
                 * try {
                 *  System.IO.FileInfo fi = new System.IO.FileInfo(subject.Substring(0, 10));
                 *  emlFilename = subject.Substring(0, 10);
                 * }
                 * catch {
                 *  emlFilename = Utils.StringManglerUtil.ConvertToFilename(subject, 10);
                 * }
                 */
            }
            // Also reached when ConvertToFilename returned an empty string for the subject.
            if (emlFilename == null || emlFilename.Length == 0)
            {
                if (messageId != null && messageId.Length > 3)
                {
                    emlFilename = Utils.StringManglerUtil.ConvertToFilename(messageId, 10);
                }
                else
                {
                    // A hash code is not a unique identifier: two sessions can produce the same
                    // fallback name. NOTE(review): confirm the assembler copes with name collisions.
                    emlFilename = "message_" + tcpSession.GetHashCode().ToString("X8");
                }
            }


            emlFilename = emlFilename + ".eml";

            /*
             * string extendedFileId = tcpSession.GetHashCode().ToString();
             * if (messageId != null && messageId.Length > 0)
             *  extendedFileId = messageId;
             */
            // rootAttributes is still null when GetParts yielded no part; no transcript is created then.
            if (rootAttributes != null)
            {
                string extendedFileId = GetFileId(rootAttributes);
                // The description argument concatenates From, To and Subject verbatim; whatever
                // displays or stores it should treat it as untrusted text.
                using (FileTransfer.FileStreamAssembler assembler = new FileTransfer.FileStreamAssembler(MainPacketHandler.FileStreamAssemblerList, this.fiveTuple, this.transferIsClientToServer, this.fileTransferProtocol, emlFilename, "/", emailMimeStream.Length, emailMimeStream.Length, this.protocol.ToString() + " transcript From: " + from + " To: " + to + " Subject: " + subject, extendedFileId, tcpPacket.ParentFrame.FrameNumber, tcpPacket.ParentFrame.Timestamp, this.fileAssmeblyRootLocation)) {
                    if (assembler.TryActivate())
                    {
                        // Handlers are attached before AddData, presumably so they are in place if
                        // AddData completes the file (confirm against FileStreamAssembler).
                        assembler.FileReconstructed += MainPacketHandler.OnMessageAttachmentDetected;
                        assembler.FileReconstructed += Assembler_FileReconstructed;
                        // ToArray() copies the entire stream into a new byte array, so a large
                        // message is briefly held in memory twice.
                        assembler.AddData(emailMimeStream.ToArray(), tcpPacket.SequenceNumber);
                        //assembler.FinishAssembling();
                    }
                    else
                    {
                        // Activation failed: discard the assembler's state and close it. The
                        // message is not stored and nothing here reports that.
                        assembler.Clear();
                        assembler.FinishAssembling();
                    }
                }
            }
        }
Exemple #2
        /// <summary>
        /// Parses the MIME data in <paramref name="emailMimeStream"/>, records the headers of the
        /// first part (From, To, Subject, Message-ID, Date), raises a message event if none was
        /// raised during part parsing, and passes the whole stream to a
        /// <c>FileStreamAssembler</c> under a file name ending in ".eml".
        /// </summary>
        /// <remarks>
        /// Every header name and value read here comes from the parsed message and is therefore
        /// chosen by whoever sent the mail; treat it as untrusted. Three places deserve attention
        /// in review: header names and the charset value are concatenated into log messages, the
        /// transcript file name is derived from the Subject or Message-ID header (its safety rests
        /// entirely on <c>Utils.StringManglerUtil.ConvertToFilename</c>), and From, To and Subject
        /// are forwarded verbatim to the message event and the assembler description.
        /// </remarks>
        /// <param name="emailMimeStream">Stream holding the MIME message; read through <c>Mime.UnbufferedReader</c> and later copied in full with <c>ToArray()</c>.</param>
        /// <param name="mainPacketHandler">Stored in <c>MainPacketHandler</c>; receives the fallback message event and provides <c>FileStreamAssemblerList</c>.</param>
        /// <param name="tcpPacket">Supplies the frame number, timestamp and sequence number; also forwarded to <c>parseMultipart</c>.</param>
        /// <param name="transferIsClientToServer">Stored, forwarded to the assembler, and used to pick the host order of the fallback message event.</param>
        /// <param name="tcpSession">Supplies the five-tuple (<c>Flow.FiveTuple</c>) and, as a last resort, the hash code used in the fallback file name.</param>
        /// <param name="protocol">Smtp, Pop3 or Imap select the matching <c>fileTransferProtocol</c>; any other value leaves that field unassigned by this constructor.</param>
        /// <param name="fileAssmeblyRootLocation">Stored and forwarded to the assembler; defaults to <c>destination</c>.</param>
        public Email(System.IO.MemoryStream emailMimeStream, PacketHandler mainPacketHandler, Packets.TcpPacket tcpPacket, bool transferIsClientToServer, NetworkTcpSession tcpSession, ApplicationLayerProtocol protocol, FileTransfer.FileStreamAssembler.FileAssmeblyRootLocation fileAssmeblyRootLocation = FileTransfer.FileStreamAssembler.FileAssmeblyRootLocation.destination)
        {
            SharedUtils.Logger.Log("Extracting Email from MIME data in " + tcpPacket.ParentFrame.ToString(), SharedUtils.Logger.EventLogEntryType.Information);
            Mime.UnbufferedReader ur = new PacketParser.Mime.UnbufferedReader(emailMimeStream);
            this.MainPacketHandler = mainPacketHandler;
            this.protocol          = protocol;
            // Map the application-layer protocol to the file-stream type handed to the assembler.
            // There is no final else: for any other protocol fileTransferProtocol is not set here.
            if (this.protocol == ApplicationLayerProtocol.Smtp)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.SMTP;
            }
            else if (this.protocol == ApplicationLayerProtocol.Pop3)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.POP3;
            }
            else if (this.protocol == ApplicationLayerProtocol.Imap)
            {
                this.fileTransferProtocol = FileTransfer.FileStreamTypes.IMAP;
            }
            //this.reassembleFileAtSourceHost = reassembleFileAtSourceHost;
            this.fileAssmeblyRootLocation = fileAssmeblyRootLocation;

            this.fiveTuple = tcpSession.Flow.FiveTuple;
            this.transferIsClientToServer = transferIsClientToServer;

            this.attachments = new List <FileTransfer.ReconstructedFile>();
            this.from        = null;
            this.to          = null;
            this.subject     = null;
            this.messageId   = null;
            this.date        = null;//Date: Fri, 1 Aug 2003 14:17:51 -0700
            // Declared outside the loop, so a part without a charset attribute is parsed with
            // whatever encoding an earlier part selected (or null if none did).
            Encoding customEncoding = null;

            this.RootAttributes = null;
            bool messageSentToPacketHandler = false;

            //The open source .NET implementation Mono can crash if the strings contain Unicode characters
            //see KeePass bug: https://sourceforge.net/p/keepass/feature-requests/2254/
            foreach (Mime.MultipartPart multipart in Mime.PartBuilder.GetParts(ur, Utils.SystemHelper.IsRunningOnMono(), null))  //I might need to add "ref customEncoding" as a parameter here

            {
                // The header names joined into this log line come from the message itself.
                // NOTE(review): confirm Logger.Log neutralises CR/LF and other control characters,
                // otherwise a crafted header name could forge or split log entries.
                SharedUtils.Logger.Log("Extracting MIME part with attributes \"" + String.Join(",", multipart.Attributes.AllKeys) + "\" in " + tcpPacket.ParentFrame.ToString(), SharedUtils.Logger.EventLogEntryType.Information);

                // Only the first part returned by GetParts provides the message-level headers.
                if (this.RootAttributes == null)
                {
                    from                = multipart.Attributes["From"];
                    to                  = multipart.Attributes["To"];
                    subject             = multipart.Attributes["Subject"];
                    messageId           = multipart.Attributes["Message-ID"];
                    date                = multipart.Attributes["Date"];
                    this.RootAttributes = multipart.Attributes;
                }
                if (multipart.Attributes["charset"] != null)
                {
                    // The charset name is sender-controlled. An unknown or malformed name makes
                    // GetEncoding throw; the failure is logged as a warning and customEncoding
                    // keeps its previous value. The same log-sanitisation question applies to the
                    // charset text echoed in the warning.
                    try {
                        customEncoding = Encoding.GetEncoding(multipart.Attributes["charset"]);
                    }
                    catch (Exception e) {
                        SharedUtils.Logger.Log("Exception getting encoding for charset \"" + multipart.Attributes["charset"] + "\". " + e.ToString(), SharedUtils.Logger.EventLogEntryType.Warning);
                    }
                }

                // messageSentToPacketHandler is passed by ref; presumably parseMultipart sets it
                // when it raises the message event itself (confirm against parseMultipart).
                this.parseMultipart(multipart, this.RootAttributes, tcpPacket, ref messageSentToPacketHandler, customEncoding, emailMimeStream.Length, from, to, subject, messageId);
            }

            // Fallback: if the flag is still false after all parts and both From and To were
            // found, raise the message event here with an empty string in the argument after the
            // subject (presumably the message text; confirm against MessageEventArgs).
            if (!messageSentToPacketHandler && from != null && to != null)
            {
                //send message to PacketHandler with force
                // The two host arguments are swapped according to the transfer direction:
                // client first for client-to-server, server first otherwise.
                if (this.transferIsClientToServer)
                {
                    this.MainPacketHandler.OnMessageDetected(new PacketParser.Events.MessageEventArgs(this.protocol, this.fiveTuple.ClientHost, this.fiveTuple.ServerHost, tcpPacket.ParentFrame.FrameNumber, tcpPacket.ParentFrame.Timestamp, from, to, subject, "", customEncoding, this.RootAttributes, emailMimeStream.Length));
                }
                else
                {
                    this.MainPacketHandler.OnMessageDetected(new PacketParser.Events.MessageEventArgs(this.protocol, this.fiveTuple.ServerHost, this.fiveTuple.ClientHost, tcpPacket.ParentFrame.FrameNumber, tcpPacket.ParentFrame.Timestamp, from, to, subject, "", customEncoding, this.RootAttributes, emailMimeStream.Length));
                }

                // Not read again in this constructor.
                messageSentToPacketHandler = true;
            }

            //create an .eml file with the whole DATA portion
            string emlFilename = null;

            // File name preference: Subject, then Message-ID, then a name built from the session hash.
            // Subject and Message-ID are untrusted header text, so nothing may reach the file name
            // except through ConvertToFilename. NOTE(review): that helper is not visible here;
            // confirm it removes path separators, "..", control characters and reserved device
            // names, and that the second argument (10) bounds the length.
            if (subject != null && subject.Length > 3)
            {
                emlFilename = Utils.StringManglerUtil.ConvertToFilename(subject, 10);
            }
            // Also reached when ConvertToFilename returned an empty string for the subject.
            if (emlFilename == null || emlFilename.Length == 0)
            {
                if (messageId != null && messageId.Length > 3)
                {
                    emlFilename = Utils.StringManglerUtil.ConvertToFilename(messageId, 10);
                }
                else
                {
                    // A hash code is not a unique identifier: two sessions can produce the same
                    // fallback name. NOTE(review): confirm the assembler copes with name collisions.
                    emlFilename = "message_" + tcpSession.GetHashCode().ToString("X8");
                }
            }


            emlFilename = emlFilename + ".eml";

            // RootAttributes is still null when GetParts yielded no part; no transcript is created then.
            if (this.RootAttributes != null)
            {
                string extendedFileId = GetMessageId(this.RootAttributes);
                // The description argument concatenates From, To and Subject verbatim; whatever
                // displays or stores it should treat it as untrusted text.
                using (FileTransfer.FileStreamAssembler assembler = new FileTransfer.FileStreamAssembler(MainPacketHandler.FileStreamAssemblerList, this.fiveTuple, this.transferIsClientToServer, this.fileTransferProtocol, emlFilename, "/", emailMimeStream.Length, emailMimeStream.Length, this.protocol.ToString() + " transcript From: " + from + " To: " + to + " Subject: " + subject, extendedFileId, tcpPacket.ParentFrame.FrameNumber, tcpPacket.ParentFrame.Timestamp, this.fileAssmeblyRootLocation)) {
                    if (assembler.TryActivate())
                    {
                        // Handlers are attached before AddData, presumably so they are in place if
                        // AddData completes the file (confirm against FileStreamAssembler).
                        assembler.FileReconstructed += this.MainPacketHandler.OnMessageAttachmentDetected;
                        assembler.FileReconstructed += this.Assembler_FileReconstructed;
                        SharedUtils.Logger.Log("Adding emailMimeStream bytes: " + emailMimeStream.Length, SharedUtils.Logger.EventLogEntryType.Information);
                        // ToArray() copies the entire stream into a new byte array, so a large
                        // message is briefly held in memory twice.
                        assembler.AddData(emailMimeStream.ToArray(), tcpPacket.SequenceNumber);
                    }
                    else
                    {
                        // Activation failed: log a warning, discard the assembler's state and
                        // close it. The message is not stored.
                        SharedUtils.Logger.Log("Unable to activate email assembler", SharedUtils.Logger.EventLogEntryType.Warning);
                        assembler.Clear();
                        assembler.FinishAssembling();
                    }
                }
            }
        }