Post by j on Mar 7, 2017 1:36:46 GMT -5
General Email Header Analysis
* Remember to sanitize header of sensitive information before using these tools
- www.levinecentral.com/mail_parse/default.aspx
- toolbox.googleapps.com/apps/messageheader/
- www.dnsstuff.com/tools#runEPA
Things to keep in Mind
- OWA is designed in an ASP.NET MVC structure.
- More on MVC can be read here - msdn.microsoft.com/en-us/library/dd381412(v=vs.108).aspx
- Typically, ev.owa is the page that handles user actions.
- There will be a page that responds to the user's action.
- Typically, /owa/forms/premium/SubPageEventHandler.aspx is the page.
- TIP-1: When analysing the logs, try to maintain an understanding of the current URI Query String parameters but keep a few log lines back in scope.
- TIP-1: This is because the logs may be verbose, but there is only one user action.
- TIP-2: Look at the logs in the manner of cause then effect. E.g. User clicked something, then the next few logs are responses by the server.
- TIP-3: Logically segment the logs via POST >> then >>> GET, or evaluate accordingly
Some Related Jargons/Params
- IPM.Note - An email
- vlv - Virtual List View, an ASP.NET container, data structure, whatever.
- ae - Application Element
- a - action
- t - type
- id - identifier
- ea - email address
- s - state
- OWA Web Parts - https://technet.microsoft.com/en-us/library/bb232199.aspx
- URL Parameters - https://msdn.microsoft.com/en-us/library/office/bb891801(v=exchg.140).aspx#URL Parameters
- OWA Item Types - https://msdn.microsoft.com/en-us/library/office/ff861573.aspx
- All Things Outlook - https://msdn.microsoft.com/en-us/library/office/fp161224.aspx
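The tips above (read cause then effect, segment by POST then GET, keep the query string parameters in view) can be applied mechanically to an IIS log. The following is an added example, not part of the original post: the log lines, user names, IDs and query strings are constructed for illustration, and the function names are hypothetical.

```python
from urllib.parse import parse_qs

# Parameter meanings as listed in the post above.
PARAMS = {"ae": "application element", "a": "action", "t": "type",
          "id": "identifier", "ea": "email address", "s": "state"}

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2017-03-07 06:30:01 GET /owa/ ae=Folder&t=IPM.Note alice 10.0.0.5 200
2017-03-07 06:30:09 POST /owa/ev.owa ae=Item&a=Open&t=IPM.Note&id=EXAMPLEID1 alice 10.0.0.5 200
2017-03-07 06:30:09 GET /owa/forms/premium/SubPageEventHandler.aspx ae=Item&t=IPM.Note&id=EXAMPLEID1 alice 10.0.0.5 200
2017-03-07 06:30:10 GET /owa/ ae=Item&t=IPM.Note&id=EXAMPLEID1&s=Read alice 10.0.0.5 200
2017-03-07 06:31:40 POST /owa/ev.owa ae=Item&a=Send&t=IPM.Note&ea=bob%40example.com alice 10.0.0.5 200
2017-03-07 06:31:41 GET /owa/ ae=Folder&t=IPM.Note alice 10.0.0.5 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            q = row.get("cs-uri-query", "-")
            row["params"] = {} if q == "-" else {k: v[0] for k, v in parse_qs(q).items()}
            yield row

def segment_actions(rows):
    """Per user and client IP: each POST opens an action, later GETs are its effects."""
    open_action, actions = {}, []
    for row in rows:
        key = (row["cs-username"], row["c-ip"])
        if row["cs-method"] == "POST":
            open_action[key] = {"cause": row, "effects": []}
            actions.append(open_action[key])
        elif key in open_action:
            open_action[key]["effects"].append(row)
    return actions

def describe(row):
    """Spell out the short OWA parameter names for the analyst."""
    return ", ".join(f"{PARAMS.get(k, k)}={v}" for k, v in row["params"].items())

if __name__ == "__main__":
    for act in segment_actions(parse_w3c(SAMPLE_LOG)):
        c = act["cause"]
        print(f'{c["time"]} {c["cs-username"]} POST {c["cs-uri-stem"]}: {describe(c)}')
        for e in act["effects"]:
            print(f'    -> GET {e["cs-uri-stem"]}: {describe(e)}')
```

GETs seen before a user's first POST are left out of the grouping; on a real log, adjust the column names to whatever the `#Fields` line declares.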