CN115334032A - Mail receiving method based on multiple protocols - Google Patents

Abstract

A mail receiving method based on multiple protocols comprises the following steps: creating a receiving task; setting corresponding parameters to initialize a receiving task according to the actual receiving requirement; distributing a receiving circuit; selecting an optimal line according to the actual active address of the target object; starting multithread receiving; in the mailbox receiving process, a multithreading receiving method is initialized according to the mailbox type of the target object; monitoring a receiving strategy; in the mail downloading process, starting receiving strategy monitoring; completing the receiving task; and releasing resources occupied by the mail receiving task, filing and storing the downloaded mail, and displaying log information and statistical information in the mail receiving process. The invention overcomes the defects of the prior art, and has very outstanding actual combat effect aiming at various complex mailbox protocols and server control strategies, flow limitation and access download limitation measures of different mailboxes and the requirements of automatic selection of network lines and password receiving free.

Description

Mail receiving method based on multiple protocols

Technical Field

The invention relates to the technical field of communication, in particular to a multi-protocol-based mail receiving method.

Background

In the process of searching, collecting and fighting against illegal criminal activities, mailbox evidence collection and mail collection are often required for target objects of illegal crimes. The target mailboxes of the illegal objects are various in types, and are based on protocol categories such as WebMail, POP3, IMAP, exchange and the like, and different mail server manufacturers and different mail limitation strategies are arranged below each category. How to create a comprehensive and multi-receiving-mode-compatible mail receiving method based on the multi-protocol mailbox types and the control strategy of the handling server has been a difficult problem in the industry. Moreover, in the actual activity of fighting against illegal crimes, the problem that how to receive a password-free mailbox for a mailbox Cookie and an NTLM Hash and automatically select a network line for an active area of a target object are both needed to be solved in actual work is often encountered in the scene that a mailbox account password of the target object cannot be obtained.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides a mail receiving method based on multiple protocols, which overcomes the defects of the prior art, and has a very prominent actual combat effect aiming at various complex mailbox protocols and server control strategies, flow limitation and access download limitation measures of different mailboxes and the requirements of automatic network line selection and password receiving avoidance.

In order to achieve the purpose, the invention is realized by the following technical scheme:

a mail receiving method based on multiple protocols comprises the following steps:

step S1: creating a receiving task; setting corresponding parameters to initialize a receiving task according to the actual receiving requirement;

step S2: distributing a receiving circuit; according to the actual active address of the target object, the country and the region are designated, and the receiving program selects the optimal line according to the information of the country and the region;

and step S3: starting multithread receiving; in the mailbox receiving process, a multithread receiving method is initialized according to the mailbox type of the target object, and data interaction and data downloading are carried out in a high concurrency mode;

and step S4: receiving policy monitoring; in the mail downloading process, starting receiving strategy monitoring;

step S5: completing the receiving task; and releasing resources occupied by the mail receiving task, filing and storing the downloaded mail, and displaying log information and statistical information in the mail receiving process.

Preferably, the multithreading mail receiving in step S3 specifically includes Cookie receiving, webMail receiving, IMAP receiving, POP3 receiving, and Exchange receiving.

Preferably, the Cookie receiving process specifically includes the following steps:

step S311: obtaining mailbox Cookie information of the target object;

step S312: resolving Cookie; obtaining a plurality of key value pair combinations through Cookie analysis, and setting the Cookie information into an HTTP request;

step S313: simulating an HTTP request; simulating an HTTP request data packet of interaction between a client browser and a server program in the processes of mailbox login and mail viewing of a real user, and acquiring return information of a server through HTTP request disguise;

step S314: e, downloading the mail; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode.

Preferably, the WebMail receiving process receives the mail by using the acquired mailbox account password, and specifically includes the following steps:

step S321: logging in a password; analyzing the login process of the target mailbox in detail, requesting HTTP address, HTTP header information and Post parameter of the request, and then simulating and sending a data packet containing an encrypted account password through the HTTP request;

step S322: identifying the verification code; aiming at part of mailboxes needing to log in verification codes, verification code identification including numbers, letters, capital and lower cases and Chinese characters is provided, and the identified verification codes are sent to a server through a third-party verification code identification component to finish login authentication;

step S323: traversing the mail folder; after the mailbox is logged in, starting to traverse a mail folder list of a target user, wherein the mail folder list comprises an inbox, a sent mail box, a draft box, a deleted mail, a junk mail, an archived mail and self-defined mail folder information;

step S324: e, mail downloading; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode;

step S325: the mail is traceless; and (4) checking and modifying the unread state of the mails in the mailbox, wherein the unread state of the mails is unread, and if the unread state of the mails is read, the unread state is not influenced.

Preferably, the IMAP collection procedure specifically includes the following steps:

step S331: configuring an IMAP server; the method comprises the following steps of configuring information such as an IMAP server address, IMAP server encryption information, an IMAP server communication port and the like;

step S332: authorizing login; establishing a TCP connection by using the IMAP server address information configured in the step S331, and sending a mailbox account authentication and a mailbox encryption password in a preset encryption mode to finish authorized login;

step S333: traversing the mail folder; traversing the mail folder LIST through an LIST instruction, and circularly inquiring and traversing the mail LIST through a Fetch instruction;

step S334: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

Preferably, the POP3 receiving process specifically includes the following steps:

step S341: configuring a POP3 server; the method comprises configuration information such as a POP3 server address, POP3 server encryption information, a POP3 server communication port and the like;

step S342: authorizing login; establishing TCP connection by using the address information of the POP3 server configured in the first step, and sending mailbox account authentication and mailbox encryption passwords in a preset encryption mode to finish authorized login;

step S343: traversing an inbox; traversing the mail ID LIST of the inbox through the UIDL instruction, and circularly querying and traversing the mailbox of the inbox LIST through the LIST instruction;

step S344: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

Preferably, the Exchange collection process specifically includes the following steps:

step S351: NTLM Hash receiving; intercepting an NTLM Hash value of a target object in modes of network sniffing, flow monitoring and the like;

step S352: NTLM Hash analysis; the method comprises the steps that data analysis and local authorization information disguise are completed by transmitting mailbox information, domain control Domain and a 32-bit NTLM Hash character string of a target object and using an independently developed NTLM Hash analysis program;

step S353: authorizing login; after the NTLM Hash analysis in step S352, the local computer has performed authorization information disguise. Simulating Exchange mailbox login at the moment;

step S354: e, traversing the mails; traversing the mail folder list by using an Exchange receiving protocol to complete ID list statistics and mail content query of all mails;

step S355: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

The invention provides a mail receiving method based on multiple protocols. The method has the following beneficial effects: in the execution process of the mail receiving method based on the multiprotocol, an IP line can be intelligently selected according to the areas where the target mailbox and the target object frequently log in, so that the safety is improved, and abnormal reminding of a server is prevented. And the method covers Cookie receiving, webMail receiving, IMAP receiving, POP3 receiving and Exchange receiving, and can flexibly adopt different receiving modes in the face of different scenes and requirements. The mail receiving method based on the multiprotocol adopts a distributed receiving mechanism, can realize high-concurrency and multi-thread receiving in a short time, and meets the receiving requirement of massive mails. The mail receiving method based on the multi-protocol has a server flow monitoring strategy aiming at different mailbox types. And limiting the single-day flow of mail downloading for part of the mailboxes, limiting the maximum mail downloading quantity per hour for part of the mailboxes, and the like, and automatically counting the flow and adjusting the speed.

Drawings

In order to more clearly illustrate the present invention or the prior art solutions, the drawings that are needed in the description of the prior art will be briefly described below.

FIG. 1 is a flow chart of the steps of the present invention;

FIG. 2 is a Cookie reception flow diagram of the present invention;

FIG. 3 is a block diagram of a WebMail receiving process in the present invention;

fig. 4 is a block diagram of the POP3 reception flow in the present invention;

fig. 5 is a block diagram of IMAP reception flow in the present invention;

FIG. 6 is a block diagram of Exchange reception flow in the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings.

As shown in fig. 1 to fig. 6, the present invention provides a method for receiving mails based on multiple protocols, which includes a Cookie receiving flow, a WebMail receiving flow, a POP3 receiving flow, an IMAP receiving flow, an Exchange receiving flow, and a receiving monitoring flow.

The Cookie receiving does not need to actually acquire an account password of a target mailbox, and the Cookie acquired through a special channel directly completes mail receiving, wherein the process specifically comprises the following steps:

step S311: obtaining mailbox Cookie information of the target object; in the actual case handling work, mailbox Cookie information of a target object can be accidentally intercepted. Such as traffic monitoring equipment, local area network monitoring software, wireless WIFI frame-approaching equipment, and the like;

step S312: resolving Cookie; a Cookie is actually a string of characters stored on the user's local terminal by some websites for user identity recognition and session tracking. Many key value-pair combinations can be obtained through Cookie analysis, and then Cookie information is set in an HTTP request header, so that the aim of authentication and authorization through a server is fulfilled;

step S313: simulating an HTTP request; simulating an HTTP request data packet of interaction between a client browser and a server program in the processes of mailbox login and mail viewing of a real user, and acquiring return information of a server through HTTP request disguising; since the HTTP request emulation is completely consistent with the user actually accessing using a browser, the mail server cannot recognize and distinguish.

Step S314: e, mail downloading; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode.

The WebMail receiving process adopts the acquired mailbox account number password to receive the mail, and is characterized in that the mail is traceless, no trace is left in the mailbox, and the read and unread state of the mail is not changed. The method specifically comprises the following steps:

step S321: logging in a password; analyzing the login process of the target mailbox in detail, requesting HTTP address, HTTP header information and Post parameter of the request, and then simulating and sending a data packet containing an encrypted account password through the HTTP request;

step S322: identifying the verification code; aiming at part of mailboxes needing to log in verification codes, verification code identification including numbers, letters, capital and lower cases and Chinese characters is provided, and the identified verification codes are sent to a server through a third-party verification code identification component to finish login authentication;

step S323: traversing the mail folder; after the mailbox is logged in, starting to traverse a mail folder list of a target user, wherein the mail folder list comprises an inbox, a sent mail box, a draft box, a deleted mail, a junk mail, an archived mail and self-defined mail folder information;

step S324: e, downloading the mail; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode;

step S325: the mail is traceless; and (4) checking and modifying the unread mail in the mailbox again aiming at the mail with the original unread state in the mailbox, and not influencing the unread state if the mail is in the read state.

The IMAP Protocol is called Internet Message Access Protocol (Internet Protocol) and also called interactive mail Access Protocol (Interactive mail Access Protocol), and the IMAP receiving process can realize mail receiving of all mail folders; the collecting process specifically comprises the following steps:

step S331: configuring an IMAP server; the method comprises the following steps of configuring information such as an IMAP server address, IMAP server encryption information, an IMAP server communication port and the like;

step S332: authorizing login; establishing a TCP connection by using the IMAP server address information configured in the step S331, and sending a mailbox account authentication and a mailbox encryption password in a preset encryption mode to finish authorized login;

step S333: traversing the mail folder; traversing the mail folder LIST through an LIST instruction, and circularly inquiring and traversing the mail LIST through a Fetch instruction;

step S334: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

The POP3 Protocol is called Post Office Protocol version3, and the POP3 mail receiving flow mainly aims at receiving mails of an inbox. The collecting process specifically comprises the following steps:

step S341: configuring a POP3 server; the method comprises configuration information such as a POP3 server address, POP3 server encryption information, a POP3 server communication port and the like;

step S342: authorizing login; establishing TCP connection by using the address information of the POP3 server configured in the first step, and sending mailbox account authentication and mailbox encryption passwords in a preset encryption mode to finish authorized login;

step S343: traversing an inbox; traversing the mail ID LIST of the inbox through the UIDL instruction, and circularly querying and traversing the mailbox of the inbox LIST through the LIST instruction;

step S344: e, downloading the mail; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

The Exchange receiving process can receive the mail without obtaining account number and password, and the receiving can be carried out through NTLM Hash obtained through a special channel. The collecting process specifically comprises the following steps:

step S351: NTLM Hash receiving; in actual case handling work, particularly in a domain control scene, an NTLM Hash value of a target object can be intercepted in a network sniffing mode, a flow monitoring mode and the like;

step S352: NTLM Hash analysis; the method comprises the steps that data analysis and local authorization information disguise are completed by transmitting mailbox information, domain control Domain and a 32-bit NTLM Hash character string of a target object and using an independently developed NTLM Hash analysis program;

step S353: authorizing login; after the NTLM Hash analysis in step S352, the local computer has performed authorization information disguise. Simulating Exchange mailbox login at the moment; to achieve the effect of verifying the authorization bypassing the server;

step S354: e, traversing the mails; traversing the mail folder list by using an Exchange receiving protocol to complete ID list statistics and mail content query of all mails;

step S355: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

The receiving monitoring process is responsible for resource occupation monitoring, server limitation measure monitoring, receiving progress monitoring and the like of the whole receiving task.

The method specifically comprises the following steps:

step S1: creating a receiving task; setting parameters such as mailbox receiving type, all receiving or appointed mailbox receiving quantity, all receiving or appointed sending time, single receiving or polling receiving and the like to initialize receiving tasks according to actual receiving requirements;

step S2: distributing a receiving circuit; according to the actual active address of the target object, the country and the region are designated, the message receiving program automatically selects the optimal line according to the information of the country and the region, the network line and the common line of the actual target object are kept in the similar region, and the network speed and the data downloading speed are considered at the same time;

and step S3: starting multithread receiving; in the process of receiving the mailbox, initializing a multithreading receiving method according to the mailbox type of the target object, and performing data interaction and data downloading in a highly concurrent mode;

and step S4: receiving policy monitoring; and in the mail downloading process, starting receiving strategy monitoring. The mail receiving strategy monitoring has two main works, one is to monitor the mail receiving statistics, the flow limiting strategy and the quantity limiting strategy of the mailbox, and the other is to monitor the mail receiving progress and feed back to the front-end user in a message queue mode;

step S5: completing the receiving task; and releasing resources occupied by the mail receiving task, filing and storing the downloaded mails, and displaying log information and statistical information in the mail receiving process.

The mail receiving method based on the multiprotocol can intelligently select the IP line according to the areas where the target mailbox and the target object frequently log in the execution process, improve the safety and prevent abnormal reminding of the server. And the method covers Cookie receiving, webMail receiving, IMAP receiving, POP3 receiving and Exchange receiving, and can flexibly adopt different receiving modes in the face of different scenes and requirements. The mail receiving method based on the multi-protocol adopts a distributed receiving mechanism, can realize high-concurrency and multi-thread receiving in a short time, and meets the receiving requirement of massive mails. The mail receiving method based on the multiprotocol is provided with a server flow monitoring strategy aiming at different mailbox types. And limiting the single-day flow of mail downloading for part of the mailboxes, limiting the maximum mail downloading quantity per hour for part of the mailboxes, and the like, and automatically counting the flow and adjusting the speed.

The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A mail receiving method based on multiple protocols is characterized in that: the method comprises the following steps:

step S1: creating a receiving task; setting corresponding parameters to initialize a receiving task according to the actual receiving requirement;

step S2: distributing a receiving circuit; according to the actual active address of the target object, the country and the region are designated, and the receiving program selects the optimal line according to the information of the country and the region;

and step S3: starting multithread receiving; in the process of receiving the mailbox, initializing a multithreading receiving method according to the mailbox type of the target object, and performing data interaction and data downloading in a highly concurrent mode;

and step S4: receiving policy monitoring; in the mail downloading process, starting receiving strategy monitoring;

step S5: completing the receiving task; and releasing resources occupied by the mail receiving task, filing and storing the downloaded mail, and displaying log information and statistical information in the mail receiving process.

2. A method for multi-protocol based mail collection according to claim 1, wherein: the multithreading mail receiving in the step S3 specifically comprises Cookie receiving, webMail receiving, IMAP receiving, POP3 receiving and Exchange receiving.

3. A method for multi-protocol based mail collection according to claim 2, wherein: the Cookie receiving flow specifically comprises the following steps:

step S311: obtaining mailbox Cookie information of the target object;

step S312: resolving the Cookie; obtaining a plurality of key value pair combinations through Cookie analysis, and setting the Cookie information into an HTTP request;

step S313: simulating an HTTP request; simulating an HTTP request data packet of interaction between a client browser and a server program in the processes of mailbox login and mail viewing of a real user, and acquiring return information of a server through HTTP request disguising;

step S314: e, mail downloading; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode.

4. A method for multi-protocol based mail collection according to claim 2, wherein: the WebMail receiving process adopts the acquired mailbox account password to receive the mail, and specifically comprises the following steps:

step S321: logging in a password; analyzing the login process of the target mailbox in detail, requesting HTTP address, HTTP header information and Post parameter of the request, and then simulating and sending a data packet containing an encrypted account password through the HTTP request;

step S322: identifying the verification code; aiming at part of mailboxes needing to log in verification codes, verification code identification including numbers, letters, capital and lower cases and Chinese characters is provided, and the identified verification codes are sent to a server through a third-party verification code identification component to finish login authentication;

step S323: traversing the mail folder; after the mailbox is logged in, starting to traverse a mail folder list of a target user, wherein the mail folder list comprises an inbox, a sent mail box, a draft box, a deleted mail, a junk mail, a filing mail and self-defined mail folder information;

step S324: e, downloading the mail; the mail downloading is completed by acquiring the mail downloading links in batch and the request parameters of each downloading link, and executing HTTP data packet sending and returned data receiving in a multithread mode;

step S325: the mail is traceless; and (4) checking and modifying the unread state of the mails in the mailbox, wherein the unread state of the mails is unread, and if the unread state of the mails is read, the unread state is not influenced.

5. A multi-protocol based mail receiving method according to claim 2, wherein: the IMAP receiving process specifically comprises the following steps:

step S331: configuring an IMAP server; the method comprises the following steps of configuring information such as an IMAP server address, IMAP server encryption information, an IMAP server communication port and the like;

step S332: authorizing login; establishing a TCP connection by using the IMAP server address information configured in the step S331, and sending a mailbox account authentication and a mailbox encryption password in a preset encryption mode to finish authorized login;

step S333: traversing the mail folder; traversing the mail folder LIST through an LIST instruction, and circularly inquiring and traversing the mail LIST through a Fetch instruction;

step S334: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

6. A method for multi-protocol based mail collection according to claim 2, wherein: the POP3 receiving flow specifically comprises the following steps:

step S341: configuring a POP3 server; the method comprises configuration information such as a POP3 server address, POP3 server encryption information, a POP3 server communication port and the like;

step S342: authorizing login; establishing TCP connection by using the address information of the POP3 server configured in the first step, and sending mailbox account authentication and mailbox encryption passwords in a preset encryption mode to finish authorized login;

step S343: traversing the inbox; traversing the mail ID LIST of the inbox through the UIDL instruction, and circularly querying and traversing the mailbox of the inbox LIST through the LIST instruction;

step S344: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

7. A multi-protocol based mail receiving method according to claim 2, wherein: the Exchange receiving process specifically comprises the following steps:

step S351: NTLM Hash receiving; intercepting an NTLM Hash value of a target object in modes of network sniffing, flow monitoring and the like;

step S352: NTLM Hash analysis; the method comprises the steps that through the incoming mailbox information, the Domain control Domain and the 32-bit NTLM Hash character string of a target object, an independently developed NTLM Hash analysis program is used for completing data analysis and local authorization information disguising;

step S353: authorizing login; after the NTLM Hash analysis in step S352, the local computer has performed authorization information disguise. Simulating Exchange mailbox login at the moment;

step S354: e, traversing the mails; traversing the mail folder list by using an Exchange receiving protocol to complete ID list statistics and mail content query of all mails;

step S355: e, mail downloading; mail downloading is completed by obtaining mail contents in batch and writing the mail contents into local storage by using multithreading.

Images