From b316c8a426db60519f666fd4dad53847295787c6 Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Wed, 29 May 2019 15:18:00 -0300
Subject: [PATCH 1/4] Fixed header not showing all 'Received' information. Now it's a string Fixed displayTo attribute name not compatible with the thehive template
---
 analyzers/EmlParser/parse.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/analyzers/EmlParser/parse.py b/analyzers/EmlParser/parse.py
index ce4f1e0c0..a839ef980 100755
--- a/analyzers/EmlParser/parse.py
+++ b/analyzers/EmlParser/parse.py
@@ -65,9 +65,10 @@ def parseEml(filepath):
 #parsing the headers with the email library
 #cause eml_parser does not provide raw headers (as far as I know)
+ #splited string because it was returning the body inside 'Content-Type'
 hParser = email.parser.HeaderParser()
- h = hParser.parsestr(raw_eml)
- result['headers'] = dict(h)
+ h = str(hParser.parsestr(raw_eml))
+ result['headers'] = h[:h.index('Content-Type:')]
 parsed_eml = eml_parser.eml_parser.decode_email(filepath, include_raw_body=True, include_attachment_data=True)
 #parsed_eml['header'].keys() gives:
@@ -80,7 +81,7 @@ def parseEml(filepath):
 result['sender'] = ', '.join(parsed_eml.get('header', '').get('header', '').get('x-env-sender', ''))
 result['topic'] = ', '.join(parsed_eml.get('header', '').get('header', '').get('thread-topic', ''))
 result['bcc'] = parsed_eml.get('header', '').get('header', '').get('bcc', '')
- result['displayto'] = ', '.join(parsed_eml.get('header', '').get('header', '').get('to', ''))
+ result['displayTo'] = ', '.join(parsed_eml.get('header', '').get('header', '').get('to', ''))
 #for some emails, the body field is empty because the email body is
 #identified as an attachment
From 063e9e88e775a67c13a02f3caa21c3dc371d29cf Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Wed, 29 May 2019 15:29:24 -0300
Subject: [PATCH 2/4] Fixed another displayTo needed
---
 analyzers/EmlParser/parse.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
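Review bot: The slice `h[:h.index('Content-Type:')]` added in the first hunk raises ValueError whenever the message has no header spelled exactly `Content-Type:`. Header names are case-insensitive and the parsed mail is sender-controlled, so a sample that omits the header or writes `content-type:` makes the analyzer fail on it; every header that follows Content-Type is also dropped from the report, and an earlier header value containing that text would cut the output short. Keeping the parsed message and joining its fields avoids the string search and still keeps each duplicate `Received` line: `h = hParser.parsestr(raw_eml)` followed by `result['headers'] = ''.join('{}: {}\n'.format(k, v) for k, v in h.items())`. parseEml starts and ends outside this hunk, so how raw_eml is read and decoded is not visible here.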
diff --git a/analyzers/EmlParser/parse.py b/analyzers/EmlParser/parse.py
index a839ef980..90b247537 100755
--- a/analyzers/EmlParser/parse.py
+++ b/analyzers/EmlParser/parse.py
@@ -54,7 +54,7 @@ def parseEml(filepath):
 result['sender'] = str()
 result['topic'] = str()
 result['bcc'] = str()
- result['displayto'] = str()
+ result['displayTo'] = str()
 result['headers'] = str()
 result['body'] = str()
 result['attachments'] = list()
From cbdf9bf2e012ed8dd1a61e40d46b6bbf1ce10ccf Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Fri, 31 May 2019 16:13:33 -0300
Subject: [PATCH 3/4] Fixed header in template to be string
---
 thehive-templates/EmlParser_1_1/long.html | 175 ++++++++++------------
 1 file changed, 82 insertions(+), 93 deletions(-)
diff --git a/thehive-templates/EmlParser_1_1/long.html b/thehive-templates/EmlParser_1_1/long.html
index afc431a20..849c11439 100644
--- a/thehive-templates/EmlParser_1_1/long.html
+++ b/thehive-templates/EmlParser_1_1/long.html
@@ -1,96 +1,85 @@
-
- {{(artifact.data || artifact.attachment.name) | fang}} -
-
- {{content.errorMessage}} -
+
+ {{(artifact.data || artifact.attachment.name) | fang}}
- - -
-
- Email message details -
-
-
Is anonymous proxy
-
Is satellite provider
- -
-
From
-
{{content.displayFrom}} ({{content.sender}})
-
-
-
To
-
{{content.displayTo}} ({{content.receivers}})
-
-
-
Subject
-
{{content.subject || '-'}}
-
-
-
Topic
-
{{content.topic || '-'}}
-
-
-
Bcc
-
{{content.bcc || '-'}}
-
-
-
Attachments
-
-
This message file includes - -
- - - - - - - - - - - - - - - - - - - - - - - -
FilenameFile information
{{a.filename}}[MD5]: {{a.md5}}
[SHA1]: {{a.sha1}}
[SHA256]: {{a.sha256}}
- {{a.mime}} -
-
-
-
-
Headers
-
- - - - - - - - - -
HeaderContent
{{k}}{{v}}
-
-
-
-
Body
-
-
{{content.body}}
-
-
-
+
+ {{content.errorMessage}}
- +
+ +
+
+ Email message details +
+
+
Is anonymous proxy
+
Is satellite provider
+ +
+
From
+
{{content.displayFrom}} ({{content.sender}})
+
+
+
To
+
{{content.displayTo}} ({{content.receivers}})
+
+
+
Subject
+
{{content.subject || '-'}}
+
+
+
Topic
+
{{content.topic || '-'}}
+
+
+
Bcc
+
{{content.bcc || '-'}}
+
+
+
Attachments
+
+
This message file includes + +
+ + + + + + + + + + + + + + + + + + + + + + + +
FilenameFile information
{{a.filename}}[MD5]: {{a.md5}}
[SHA1]: {{a.sha1}}
[SHA256]: {{a.sha256}}
+ {{a.mime}} +
+
+
+
+
Headers
+
+
{{content.headers}}
+
+
+
+
Body
+
+
{{content.body}}
+
+
+
+
\ No newline at end of file
From 4f978f00d9911d871de1d1fa96b476cdfada60a7 Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Fri, 31 May 2019 16:15:49 -0300
Subject: [PATCH 4/4] Added new line at the end of html
---
 thehive-templates/EmlParser_1_1/long.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/thehive-templates/EmlParser_1_1/long.html b/thehive-templates/EmlParser_1_1/long.html
index 849c11439..7c80d2c05 100644
--- a/thehive-templates/EmlParser_1_1/long.html
+++ b/thehive-templates/EmlParser_1_1/long.html
@@ -82,4 +82,4 @@
- \ No newline at end of file +