Advanced Information Security Assignment 3 (Mail Sniffing)


Sniffing email using Wireshark.

 

  1. Set up an email server with hMailServer, using port 25. Installation and configuration guides can be found on the site.
  2. Run Wireshark and select the Capture menu.
  3. Send an email to yourself using the Thunderbird email client (with two .rar files attached).
  4. Select Capture: Stop.
  5. Analyze the results.



Return-Path: roni@ron.com
Received: from [127.0.0.1] ([127.0.0.1])
	by ron.com
	; Tue, 31 May 2011 13:30:59 +0700
Message-ID: <4DE48B23.80306@ron.com>
Date: Tue, 31 May 2011 13:30:59 +0700
From: Roni <roni@ron.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: roni@ron.com
Subject: tes
Content-Type: multipart/mixed;
 boundary="------------050707030105010301000809"

This is a multi-part message in MIME format.
--------------050707030105010301000809
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

tugas pak budi

--------------050707030105010301000809
Content-Type: application/octet-stream;
 name="1.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="1.rar"
--------------050707030105010301000809
Content-Type: application/octet-stream;
 name="2.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="2.rar"
--------------050707030105010301000809--

 

Wireshark results

 

250-SIZE 20480000
250 AUTH LOGIN
AUTH LOGIN
334 VXNlcm5hbWU6
Z2VycnlAbWFpbC5tZWl6YW5vLmNvbQ==
334 UGFzc3dvcmQ6
YWJjZGVm
235 authenticated.
MAIL FROM: <roni@ron.com>
250 OK
RCPT TO: <roni@ron.com>
250 OK
RSET
250 OK
RSET
250 OK
MAIL FROM: <roni@ron.com>
RCPT TO: <roni@ron.com>
250 OK
DATA
354 OK, send.
From: <roni@ron.com>
To: <roni@ron.com>
Subject: test mail send
Date: Tue, 31 May 2011 14:10:15 +0700
Message-ID: <00c501cc1145$c0215a11$40340e00$@ron.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00C6_01CC1180.6C790BA0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AcwRRYhXpDPRy0maReepcD8HRJBeNA==
Content-Language: en-us

This is a multipart message in MIME format.

------=_NextPart_000_00C6_01CC1180.6C790BA0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_00C7_01CC1180.6C790BA0"

------=_NextPart_001_00C7_01CC1180.6C790BA0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

test

------=_NextPart_001_00C7_01CC1180.6C790BA0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office"

[cut because it was too long]

------=_NextPart_001_00C7_01CC1180.6C790BA0--

------=_NextPart_000_00C6_01CC1180.6C790BA0
Content-Type: application/octet-stream;
name="1.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="2.rar"

/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhMSEBIQEBISDxAVFA8SFBUUDxQQEBAUFBcVFBUU
FBQXHCYeFxkjGRQUHy8gIycpLCwsFR4xNTAqNSYrLCkBCQoKDgwOFA8PFykcFxwsKSkpKSkpKSks

[cut because it was too long]
KwBQU4FRgp4VlDmkg3BsevRW1Hiebwv0dwdg5VKS6JPCnKY6tku63A0UC5xvdcgCFAXWXBKoQSy6
yVcoQRcUq5QggeRsSD6p7qhx0LifUkpll1lCCrly5Qhy5cuUIcuXLlCCWS3XJWqyhwHVNJSuSKyH
/9k=

------=_NextPart_000_00C6_01CC1180.6C790BA0--

.
250 Queued (0.109 seconds)
QUIT
221 goodbye
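
The capture above shows the AUTH LOGIN exchange in readable form: the 334 challenges and the client replies are only base64-encoded, not encrypted. The following is an added example, not part of the original post (the function names are assumptions): it audits a captured SMTP transcript for such cleartext logins, using the first lines of the capture above with the first 334 code written in full, and names the affected account without reprinting the password.

```python
import base64
import re

# First lines of the SMTP session captured above, with the first "334" written in full.
CAPTURE = """\
250-SIZE 20480000
250 AUTH LOGIN
AUTH LOGIN
334 VXNlcm5hbWU6
Z2VycnlAbWFpbC5tZWl6YW5vLmNvbQ==
334 UGFzc3dvcmQ6
YWJjZGVm
235 authenticated.
MAIL FROM: <roni@ron.com>
"""

def b64text(token):
    """Decode a base64 token to text; return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def audit_smtp_session(transcript):
    """Return one finding per AUTH LOGIN exchange readable in the transcript."""
    # Traffic after a successful STARTTLS is encrypted and would not be readable
    # in a capture, so a readable AUTH exchange crossed the network unprotected.
    findings, current, prompt, tls_offered = [], None, None, False
    for line in (raw.strip() for raw in transcript.splitlines() if raw.strip()):
        if re.match(r"250[- ]STARTTLS\b", line, re.I):
            tls_offered = True
        elif re.match(r"AUTH\s+LOGIN\b", line, re.I):   # client command, not the "250 AUTH" advert
            current = {"fields": {}, "accepted": False, "starttls_offered": tls_offered}
            findings.append(current)
        elif current is not None and line.startswith("334 "):
            prompt = b64text(line[4:])                   # server challenge, e.g. "Username:"
        elif current is not None and prompt is not None:
            key, value = prompt.rstrip(":").lower(), b64text(line) or ""
            # Name the affected account, but never reprint the recovered secret.
            current["fields"][key] = f"<exposed, {len(value)} chars>" if key == "password" else value
            prompt = None
        elif current is not None and line.startswith("235"):
            current["accepted"] = True                   # server accepted the login
            current = None
    return findings

if __name__ == "__main__":
    for finding in audit_smtp_session(CAPTURE):
        print(finding)
```

A finding with `starttls_offered` set to false means the server never advertised STARTTLS in the lines seen, so the fix is on the server side: enable TLS and refuse AUTH on unencrypted connections.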


		
