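Sending email
1. Register a NetEase (163.com) mailbox.
2. In the web interface, log in to the mailbox and enable the POP3/SMTP service.
3. In MobaXterm, use telnet to connect to NetEase's mail server: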
telnet smtp.163.com 25
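ehlo 19933012148@163.com
auth login
MTk5MzMwMTIxNDhAMTYzLmNvbQ== // Base64 of the user name
U0pYVUVVQklRQklEVkFOVQ== // Base64 of the authorization code
mail from:<19933012148@163.com>
rcpt to:<2030669050@qq.com> // a mailbox used to receive the message
data // start the message body
Message content:
Enter . Enter // end the message body
quit // close the connection to the SMTP server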
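4. Start Wireshark and put it into capture mode, then access the POP3 server following the syntax, semantics and timing defined by the POP3 protocol to view and retrieve mail.
Open Wireshark and start capturing:
telnet pop.163.com 110
user 19933012148@163.com
pass SJXUEUBIQBIDVANU
list
retr 3
quit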
5. Stop the capture, then review and analyse the captured POP3 and ESMTP sessions.
Follow TCP Stream output:
+OK POP3 ready
user 19933012148@163.com
+OK
pass SJXUEUBIQBIDVANU
+OK 3 message(s) [66755 byte(s)]
list
+OK 3 66755
1 20241
2 43062
3 3452
.
retr 3
+OK 3452 octets
Received: from xmbgsz5.mail.qq.com (unknown [113.108.92.28])
 by gzga-mx-mta-g2-1 (Coremail) with SMTP id _____wDnN5jiYAFmmIRAAg--.32286S3;
 Mon, 25 Mar 2024 19:32:50 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
 t=1711366369; bh=1QWTk4tG9KAWBbFC0qMekqsjTLv8ZRwRMpMToPGdidU=;
 h=From:To:Subject:Date;
 b=P3W4Vim8pyW+ZwWi8YLAq2Ytm4ERS7bDy+V89o+IOYypr0+L4WDFbwm4yH/pDDEqw
 8JOFFdqLGyDDKyZ1YkiWECt3nZ5u4a8wX7XzcKX+tl74esk/BvGG7J2vs9Ej5Qib9H
 wyiWTmHkM7AxnhsZMC1jynLNh7xnP92jNVWgdcq8=
X-QQ-XMRINFO: OD9hHCdaPRBwq3WW+NvGbIU=
X-QQ-XMAILINFO: MSZM6bBZzQobKVheMI8UnANNMkKriZrWJTOJLKom/Kcrwd6V/tojhjfmzOc5vX
 pnfLNeou3d8gL+PPPE7jDBYARCcC3BO2Bb2rZiD/p4Jv9WjaolXJP4X08ZVLlBmDBEYSDiG2hxRLM
 NueqBbP8DHMDLmoS5Ycix6e1s1LPxDdQEPdJrObLvD7TV4do9vtTf2FEHzsh+YZi8BQNy9nzFv1VL
 k6PSuHhuqlyZd1+h2Eo/8CmkKs8w/EFQJUyvfhAh9RVEMB641EqFAJ1KDls3FM1clIikcxJlAy+sV
 OFuM7OlVE7xOjIkPFpqWmZYqrRMAXHGD0vuBavLgmXShyWYRXWQ2asPfOnM2ZbUkxSS3QqUTDT0ur
 a8FIDkhDia3rqZCpiMYqGR0ZMhOoleHH9RZ6TSuRqdQhOyCB5SUMFY+M6MWGNomZSEcmqtW7tP+Nl
 YdQINDeL6rbCjG2lKK2bUmQR9lncKQgzZZT3HO0DQmj4OtuNqsIFyrnOAOVvQJQUzO0YrsTpl4vDc
 C8fVWUxDo5TTeG9PckT6U4sndhAYjfT0kC3SJjnVqBRFcriVVfBh65OCS+B9Azt5ag6AsUb3VmMDA
 IEVkU14Jjnrpx3CAk7Wmr4C/nUlQkUTwauq1zXtEoq3EMKqUISPkx0lm7jBxHm/eo1rxf2Jtijzoj
 JWmfb2iYSDDSYCwQ6B75kSqqfjmA6P6u2ro0sdbqWrnkJmrAxmTyx1Xf0tdThySGg0OVEIRnU+Ia4
 w9DFV/yFHsn+M2AhQXLHrLXj4G9w1KmPhHaBIIIxxH9JT2dmI3nNmSRC8gmW7XOphHa8T+ej6sMzK
 UZaoSbi8PGxb0H/Fiv+qAgrTb57zbkNpuAmf0n8EIfXhSFYfE7jw/fo7jABvipesEtNanU+eIg6I0
 kiy4DlkdgAld9UKGpoEmiLURmai2S0jXhCtmOVa3bA2bnp89A6UKyL3D/pE4K3EK4DSKJjE4RTYE1
 9dKy6PcX1s8vyLyWi6TfrAwiaX/aGTdqwF5FcIFeD1QhYmw73X3LBuw6cRA/8=
From: "=?utf-8?B?WOaHkuaHkg==?=" <2964563946@qq.com>
To: "=?utf-8?B?MTk5MzMwMTIxNDg=?=" <19933012148@163.com>
Subject:
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_660160E1_7E89D1E0_1C5CB6D1"
Content-Transfer-Encoding: 8Bit
Date: Mon, 25 Mar 2024 19:32:49 +0800
X-Priority: 3
Message-ID: <tencent_1FD11BC33ECC3C4D377EF0C6E9F35308FA05@qq.com>
X-QQ-MIME: TCMime 1.0 by Tencent
X-Mailer: QQMail 2.x
X-QQ-Mailer: QQMail 2.x
X-QQ-mid: xmapsza6-0t1711366369t0nh0rzj9
X-CM-TRANSID:_____wDnN5jiYAFmmIRAAg--.32286S3
Authentication-Results: gzga-mx-mta-g2-1; spf=pass smtp.mail=296456394
 6@qq.com; dkim=pass header.i=@qq.com
X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73
 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxUFeOGUUUUU

This is a multi-part message in MIME format.

------=_NextPart_660160E1_7E89D1E0_1C5CB6D1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SG93IGFyZSB5b3XvvJ8NCg0KDQoNCuWPkeiHquaIkeeahGlQaG9uZQ==

------=_NextPart_660160E1_7E89D1E0_1C5CB6D1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGRpdiBzdHlsZT0ibWluLWhlaWdodDoyMnB4O21hcmdpbi1ib3R0b206OHB4OyI+SG93IGFy
ZSB5b3XvvJ88L2Rpdj48ZGl2IHN0eWxlPSJtaW4taGVpZ2h0OjIycHg7bWFyZ2luLWJvdHRv
bTo4cHg7Ij48YnIgIC8+PC9kaXY+PGRpdiBpZD0iUVFNYWlsU2lnbmF0dXJlIiBjbGFzcz0i
bWFpbC1mb290ZXIiIGFyaWEtaGlkZGVuPSJ0cnVlIj48aHIgc3R5bGU9Im1hcmdpbjogMCAw
IDEwcHggMDtib3JkZXI6IDA7Ym9yZGVyLWJvdHRvbToxcHggc29saWQgI0U2RThFQjtoZWln
aHQ6MDtsaW5lLWhlaWdodDowO2ZvbnQtc2l6ZTowO3BhZGRpbmc6IDIwcHggMCAwIDA7d2lk
dGg6IDUwcHg7IiAgLz7lj5Hoh6rmiJHnmoRpUGhvbmU8L2Rpdj48ZGl2IGlkPSJvcmlnaW5h
bC1jb250ZW50Ij48L2Rpdj4=

------=_NextPart_660160E1_7E89D1E0_1C5CB6D1--
.
quit
+OK core mail
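POP3 analysis:
In the captured POP3 session, the client first authenticates (the "user" and "pass" commands appear in plaintext in the capture), then uses the "list" command to get the message list, then uses "retr 3" to retrieve the content of the third message, and finally ends the session with "quit".
The retrieved third message is a multipart message that carries its content in both plain-text and HTML form. The subject is empty, the sender is "2964563946@qq.com", and the recipient is "19933012148@163.com". The message body is Base64-encoded; decoded, it reads: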
<div style="min-height:22px;margin-bottom:8px;">How are you?</div>
How are you?
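The decoding step in the analysis above can be reproduced with Python's standard email package. This is an added example, not part of the original write-up; the sample message is constructed to mirror the structure of the captured one (multipart/alternative, Base64 parts, RFC 2047 encoded sender name, empty subject), and its addresses, host name, sender name and boundary are placeholders.

```python
import base64
import re
from email import message_from_string
from email.policy import default


def b64(text: str) -> str:
    """Base64-encode UTF-8 text, as the mail client did for names and bodies."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


# Constructed sample modelled on the captured message; addresses, host name,
# sender name and boundary are placeholders, not values from the capture.
SAMPLE = "\n".join([
    "Authentication-Results: mx.example.net; spf=pass smtp.mail=sender@example.com;",
    " dkim=pass header.i=@example.com",
    f'From: "=?utf-8?B?{b64("Alice")}?=" <sender@example.com>',
    "To: <rcpt@example.net>",
    "Subject:",
    "Mime-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "--b1",
    'Content-Type: text/plain; charset="utf-8"',
    "Content-Transfer-Encoding: base64",
    "",
    b64("How are you？"),
    "--b1",
    'Content-Type: text/html; charset="utf-8"',
    "Content-Transfer-Encoding: base64",
    "",
    b64("<div>How are you？</div>"),
    "--b1--",
    "",
])


def analyze(raw: str) -> dict:
    """Decode the sender, subject, body parts and SPF/DKIM verdicts of a message."""
    msg = message_from_string(raw, policy=default)
    sender = msg["From"].addresses[0]  # RFC 2047 display name is decoded here
    # Leaf parts only; get_content() undoes Base64 and applies the charset.
    bodies = {p.get_content_type(): p.get_content()
              for p in msg.walk() if not p.is_multipart()}
    # Verdicts recorded by the receiving server, e.g. spf=pass, dkim=pass.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           str(msg.get("Authentication-Results", ""))))
    return {"from_name": sender.display_name, "from_addr": sender.addr_spec,
            "subject": str(msg["Subject"] or ""), "bodies": bodies, "auth": auth}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value!r}")
```

The same function works on the text of a message saved from the "retr" response once the POP3 status line and the terminating "." line are removed.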