SSL Gmail with OpenSSL


mikeytown2
These functions don't work properly in my case. It seems that the problem is in StdoutRead when OpenSSL is running as a child process in a cmd window. I don't know what exactly, but something is buggy with communication done that way; sending some characters to the active cmd window sometimes unblocks something and StdoutRead works, but this is unreliable. I saw the same method of fixing the bug in the script when I looked closer at it. I spent a lot of hours trying to solve this problem and I gave up. Finally, I started to search for some other method to connect to a POP3 server using SSL, and I found one :-D. Everything that is needed is the stunnel program, which was written by my fellow countryman Michał Trojnara. This program wraps the POP3 protocol (and other protocols too) in SSL. You only have to write a few lines in the configuration file and start this program as a Windows service. Connect to your localhost the first time using, for example, PuTTY to try manually how it works; the second time you can write an AutoIt script with the TCPStartup(), TCPConnect(), TCPSend(), TCPRecv(), TCPShutdown() commands. It is really simple, and there are no problems with the output data, which TCPRecv() receives into a string variable.

Configuration file for stunnel for POP3.

First back up the existing file: copy it and change the name.

---------------------------------------------------------------- STUNNEL CONFIGURATION FILE ------------------------------------

; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012

; Some options used here may be inadequate for your particular configuration

; This sample file does *not* represent stunnel.conf defaults

; Please consult the manual for detailed description of available options

; **************************************************************************

; * Global options *

; **************************************************************************

; Debugging stuff (may useful for troubleshooting)

;debug = 7

;output = stunnel.log

; Disable FIPS mode to allow non-approved protocols and algorithms

;fips = no

; **************************************************************************

; * Service defaults may also be specified in individual service sections *

; **************************************************************************

; Certificate/key is needed in server mode and optional in client mode

cert = stunnel.pem

;key = stunnel.pem

; Authentication stuff needs to be configured to prevent MITM attacks

; It is not enabled by default!

;verify = 2

; Don't forget to c_rehash CApath

;CApath = certs

; It's often easier to use CAfile

;CAfile = certs.pem

; Don't forget to c_rehash CRLpath

;CRLpath = crls

; Alternatively CRLfile can be used

;CRLfile = crls.pem

; Disable support for insecure SSLv2 protocol

options = NO_SSLv2

; Workaround for Eudora bug

;options = DONT_INSERT_EMPTY_FRAGMENTS

; These options provide additional security at some performance degradation

;options = SINGLE_ECDH_USE

;options = SINGLE_DH_USE

; **************************************************************************

; * Service definitions (at least one service has to be defined) *

; **************************************************************************

; Example SSL server mode services

;[pop3s]

;accept = 995

;connect = 110

;[imaps]

;accept = 993

;connect = 143

;[ssmtp]

;accept = 465

;connect = 25

; Example SSL client mode services

; The lines below apply to this service.
; stunnel only treats a line as a comment when it starts with ';', so every note sits on its own line.
[pop3]

; stunnel works in client mode
client = yes

; Port on our machine on which stunnel listens for incoming unencrypted connections.
; 110 is the default port for unsecured POP3; any other free port would do.
accept = 127.0.0.1:110

; stunnel forwards connections arriving on localhost port 110 to this server and port, now SSL-secured.
; And that's it! CHANGE THE SERVER NAME TO YOUR OWN!!!
connect = poczta.o2.pl:995

;[gmail-imap]

;client = yes

;accept = 127.0.0.1:143

;connect = imap.gmail.com:993

;[gmail-smtp]

;client = yes

;accept = 127.0.0.1:25

;connect = smtp.gmail.com:465

; Example SSL front-end to a web server

;[https]

;accept = 443

;connect = 80

; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL

; Microsoft implementations do not use SSL close-notify alert and thus

; they are vulnerable to truncation attacks

;TIMEOUTclose = 0

; vim:ft=dosini

------------------------------------------------- END STUNNEL CONFIGURATION FILE ---------------------------------------

Now install the stunnel service and run it.

Now we can run PuTTY and connect to localhost using telnet, but on port 110, and we will see

+OK your.email.service.provider Ready

next log in with

USER username

+OK

PASS password

+OK

LIST .... etc...

We can send the same sequence of commands with the AutoIt TCP functions and write error handling in case something is not correct. Easy ehh??!! :-)

A sample of code in which I took only the positive scenario; it saves the content of email nr 2 in C:\file.txt. The target server is poczta.o2.pl, a popular Polish email service provider. The config file looks like this:

; POP3 configuration: the lines below apply to this service
[pop3]

; stunnel works in client mode
client = yes

; Port on our machine on which stunnel listens for incoming unencrypted connections.
; 110 is the default port for unsecured POP3; any other free port would do.
accept = 127.0.0.1:110

connect = poczta.o2.pl:995

; Placeholder credentials: replace with your own
Global $LOGIN = "username_login"
Global $PASS = "password_123"
; Time in ms to wait for each server response
Global $TIMEOUT = 5000

TCPStartup()
; Connect to the local stunnel listener, which forwards to poczta.o2.pl:995 over SSL
$SOCKET = TCPConnect("127.0.0.1", 110)
If @error Then
    MsgBox(1, "", "Cannot connect to stunnel on 127.0.0.1:110", 1)
    TCPShutdown()
    Exit
EndIf
Sleep($TIMEOUT) ; time for server to respond
$receive = TCPRecv($SOCKET, 65536)
;MsgBox(1,"",$receive)
; Check the server greeting
If StringRegExp($receive, "\+OK\sPOP3\spoczta\.o2\.pl\sReady", 0) Then
    MsgBox(1, "", "Connected with poczta.o2.pl!", 1)
Else
    MsgBox(1, "", "Error when connecting with poczta.o2.pl", 1)
EndIf
Sleep(1000)

; Send the user name
$request = "USER " & $LOGIN & @CRLF
TCPSend($SOCKET, $request)
Sleep($TIMEOUT) ; time for server to respond
$receive = TCPRecv($SOCKET, 65536)
If StringRegExp($receive, "^\+OK", 0) Then
    MsgBox(1, "", "Login correct", 1)
Else
    MsgBox(1, "", "Login incorrect", 1)
EndIf
Sleep(1000)

; Send the password
$request = "PASS " & $PASS & @CRLF
TCPSend($SOCKET, $request)
Sleep($TIMEOUT) ; time for server to respond
$receive = TCPRecv($SOCKET, 65536)
If StringRegExp($receive, "^\+OK", 0) Then
    MsgBox(1, "", "Password correct", 1)
Else
    MsgBox(1, "", "Password incorrect", 1)
EndIf
Sleep(1000)

; Retrieve message number 2 and save it to a file.
; A single TCPRecv call returns at most 65536 bytes, so a larger message is cut off here.
$request = "RETR 2" & @CRLF
TCPSend($SOCKET, $request)
Sleep($TIMEOUT)
$receive = TCPRecv($SOCKET, 65536)
$hwnd = FileOpen("C:\mail.txt", 2) ; mode 2 = write, erasing previous content
FileWrite($hwnd, $receive)
FileClose($hwnd)
Sleep(1000)

; End the POP3 session
$request = "QUIT" & @CRLF
TCPSend($SOCKET, $request)
Sleep($TIMEOUT)
$receive = TCPRecv($SOCKET, 65536)
If StringRegExp($receive, "^\+OK", 0) Then MsgBox(1, "", "POP3 session complete.")
TCPCloseSocket($SOCKET)
TCPShutdown()

Great ready UDF's are here:

Edited by hevoxer
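
The `[pop3]` client section in the post above leaves `verify` commented out, so stunnel encrypts the connection without checking the server certificate, which is the case the sample file's own comment about MITM attacks describes. A version with verification switched on, as an added example that is not part of the original post; `pop.example.com` and `ca-certs.pem` are placeholders, and `checkHost` assumes a stunnel 5.x build whose manual lists that option:

```ini
; Added example, not from the original post.
; pop.example.com and ca-certs.pem are placeholders.

; As posted: client mode with no verification. The tunnel is encrypted,
; but any certificate is accepted, so the USER/PASS lines sent through
; 127.0.0.1:110 are only as safe as the network path to the server.
;[pop3]
;client = yes
;accept = 127.0.0.1:110
;connect = pop.example.com:995

; With verification, using the options the sample file already lists.
[pop3]
client = yes

; Listen on loopback only, never on 0.0.0.0: this side of the tunnel is plaintext.
accept = 127.0.0.1:110
connect = pop.example.com:995

; Refuse the connection unless the server certificate chains to a CA in CAfile.
verify = 2

; PEM bundle with the CA certificate(s) that issued the mail server's certificate.
CAfile = ca-certs.pem

; stunnel 5.x (assumption, see your version's manual): also require that the
; certificate was issued for this host name, not just by a trusted CA.
checkHost = pop.example.com
```

With `debug = 7` and `output = stunnel.log` enabled from the global section, a rejected certificate shows up in the log as a failed verification instead of a silent connection.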