[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Presentation of Message-ID Fingerprinting Tool
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <news@xxxxxxxxxxxxxx>, <submissions@xxxxxxxxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Presentation of Message-ID Fingerprinting Tool
- From: "Marc Ruef" <maru@xxxxxxx>
- Date: Sun, 13 Sep 2009 09:13:39 +0200
Hello,
Within penetration tests client-oriented attacks become more and more
important.
I have created a script which is able to determine the mail client from
the message-id which is included in an email. Midfp (Message-ID
Fingerprinter) is going to analyze the structure of the message-id and
compare it with regular expressions against a data base. Thus, no
further analysis of the email (e.g. the header structures as like in my
browserrecon project; http://www.computec.ch/projekte/browserrecon/) is
required.
* Discussion of the Implementation (German only)
http://www.scip.ch/?labs.20090911
http://www.scip.ch/?labs.20090717
* Online Demo
http://www.scip.ch/labs/files/midfp/
* Download midfp-1.0php
http://www.scip.ch/labs/files/midfp-1.0.tar.gz
Regards,
Marc Ruef
--
Marc Ruef | maru@xxxxxxx
scip AG | Badenerstrasse 551 | 8048 Zurich
T +41 44 404 13 13 | F +41 44 404 13 14
Aktuelle Forschungen: http://www.scip.ch/?labs
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/