Hi,
as i know a basic authentication session is a session in which user and password are sent clearly so can be sniffed and found
i have a software which just uses in basic authentication so i made a basic auth receive connector and sent an email and captured traffic as follows but I cannot see user and pass
Am i doing the capture wrong or I am completely wrong about the theory of finding passwords in a basic auth session to exchange 2010
220 HCAS1.test.net Microsoft ESMTP MAIL Service ready at Thu, 5 Sep 2013 22:09:48 +0330
EHLO PC-Client
250-HCAS1.test.net Hello [172.20.16.16]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING
AUTH LOGIN
334=
235 2.7.0 Authentication successful
MAIL FROM:<test@test.net>
250 2.1.0 Sender OK
RCPT TO:<recipient@test.net>
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
MIME-Version: 1.0
Date: Thu, 05 Sep 2013 22:07:05 +0330
Message-ID: <a41b32f3a6f15abf@ba57f9d7ac1a5d1a>
From: test@test.net
To: recipient@test.net
Subject: =?utf-8?B?2KrYs9iqINiq2KfZitmK2K8g2YbYp9mF2Yc=?=
Content-Type: multipart/mixed;
.boundary="63be419b.187d.49f9.8e8a.75ff42fce7cc"
X-ECE_SEND: 1.01
--63be419b.187d.49f9.8e8a.75ff42fce7cc
Content-Type: multipart/alternative;
.boundary="c6b66bd1.6427.4f02.8cb8.0bc744a41429"
Payne is back