I am interested in writing an email sniffer that saves all emails sent via web based clients to hd, but I can't work out how to do this. How can I catch HTTPS mail before it is encrypted?
I would really appreciate some useful info. I cannot find any information on the web. There's a program called HTTP Analyzer V5 that does the exact thing I want to make.
How should I start?
If I make a packet sniffer, it's useless because all data is encrypted.
Is there any other option?
You can't decrypt HTTPS; however, you can use man-in-the-middle programs to catch the HTTPS connection before it's created and replace the website's certificate with your own, which you WOULD be able to decrypt. Look up ettercap and man-in-the-middle attacks.
Do you have control over the machines on which you intend to do this?
I used "The Grinder" before to capture HTTP requests for performance testing purposes, and it comes with a TCP Proxy component which logs all HTTP requests routed through it.
This includes the plain text content of form fields which are POSTed, which I assume would cover web mail "Send" buttons.
This may be a bit of a convoluted solution, but you could theoretically have the TCP Proxy running as a service on the client machine and have the connection pointed at the appropriate port on localhost.
I only ever took this as far as capturing my username and password as I logged into a web mail website (it worked), but nothing springs to mind immediately that would stop this from working on entire email messages.