I'm trying to implement a POP3 client in C#, and the authentication using AUTH PLAIN is killing me. I'm using my account on pop3.live.com for testing, but can't get past beyond the authentication. I've tried connecting via SSL over port 995 and regular 110 (then switching to TLS), but can't manage to get authenticated.
I'm using TcpClient class to establish a connection and get a +OK response from the server. When doing a non-SSL connection I check the capabilities with the command CAPA, and get the response STLS. So I send the command STLS, switch to SslStream, send another CAPA command to check for authentication mechanisms and get that SASL PLAIN is supported (which was not in the regular connection).
Now I don't know what to send with AUTH PLAIN - I've tried sending base64 "account\0account#hotmail.com\0password", "\0account#hotmail.com\0password", "\0account\0password" ... all possible combinations, but either get "Protocol error" when sending the credential in line with AUTH PLAIN, or "Unauthorized ..." when sending the credentials after sending AUTH PLAIN (returns "+ " as expected).
Am I missing something? Can anyone provide a example how to authenticate when using SSL/TLS?
Thanks!
You need to use "\0account#hotmail.com\0password"
Related
The Exchange host that I am trying to send emails from does not require authentication. In the past I have successfully achieved this using SmtpClient Class, but as Microsoft is recommending Mailkit, I prefer going for this one.
Does Mailkit always require a username and a password to connect? I have been searching for an answer everywhere but I cannot seem to find one.
This is my code so far:
private void Send(MimeMessage message)
{
using (var client = new SmtpClient(new ProtocolLogger(Console.OpenStandardOutput())))
{
client.Connect(Host, Port, SecureSocketOptions.None);
client.Send(message);
client.Disconnect(true);
}
}
And of course I am getting an error: 5.7.1 client was not authenticated
Thank you loads.
Does Mailkit always require a username and a password to connect? I have been searching for an answer everywhere but I cannot seem to find one.
MailKit does not require authentication - that's up to the server to require it or not.
If a server doesn't require authentication, your code just needs to not call client.Authenticate() (or AuthenticateAsync if you are using async code) just like you attempted to do in your example code snippet.
5.7.1 client was not authenticated is an error that came from your SMTP server when you attempted to send a message and suggests that your SMTP server is configured to require authentication.
None of the exception messages that MailKit throws start with an error code string (5.7.1 is an SMTP error code), so if an exception is thrown starting with an SMTP error code string, then it means it came from the server.
This is the issue.
I have an https request. The request is is being sent as an SSL / TLS request (Not the CONNECT .... that comes from a browser with the proxy setup).
I need to write a proxy in c# that blocks a specific https://foo.com/foo.htm request but lets through https://foo.com/anything_else.htm.
I can do this fine creating a MITM attack with a new certificate etc etc.
But Im now wondering if there is an easy way to do this Im missing without using a MITM attack as I have no need to decrypt the data. I only need to know the URI/file.
I can easily just transfer streams but I want to know if there is a simple way to transfer the streams after I have read the URI and file.
I can write some fancy code to pull apart the tcp request and thats what I may have to do.
Anybody any ideas before I go down this path. Remember there is no CONNECT request. Just direct SSL / TLS.
The main reason for this is it just makes things simpler not creating self signed certificates etc.
Maybe its even possible to use the real certificate somehow from the server end as I dont need to decrypt any of the no header data.
I find the networking side of c# is not very well documented and a little all over the place.
Just for reference i can get the URI from the TcpClient using:
IPEndPoint ipEndPoint = (IPEndPoint)clientTcpClient.Client.RemoteEndPoint;
IPAddress ipAddress = ipEndPoint.Address;
// Get the hostname.
IPHostEntry ipHostEntry = Dns.GetHostEntry(ipAddress);
String hostName = ipHostEntry.HostName;
// Get the port.
Int32 port = ipEndPoint.Port;
But not the requested page.
While the target hostname might be visible in the TLS handshake as SNI extension or by analyzing the certificate returned by the server the path component of the URL is only contained in the HTTP request. Since this HTTP request is only done after TLS handshake and the request is thus already encrypted you cannot get to the full path without decrypting the request. This means that blocking access to a specific path is not possible without SSL man in the middle and thus requires a certificate for the target site owned by the man in the middle and trusted by the client.
Not that this is true for CONNECT requests too since these requests only contain the target hostname but the path component is again only contained in the encrypted HTTP request sent inside the tunnel created by CONNECT.
I am trying to convert our current email agent to send email with TLS. We use C# and I just used the following changes.
SmtpClient sclient = new SmtpClient();
sclient.EnableSsl = true;
and a callback method to validate server certificate.
On Testing the mail was sent/received successully, but both I and the receiving end cannot be 100% sure the the email was received encrypted. (I tried to use Fiddler but its not capturing the email)
Based on this http://luxsci.com/blog/how-you-can-tell-if-an-email-was-sent-using-tls-encryption.html, and the header as below
with ESMTP id s7JKErN9002462
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO);
Can we safely assume that the mail communication indeed was encrypted? or Should I make any other code changes so that I can be sure that the email is received or it failed? (I think this cannot be certain as it depends on the smtp host) ?
In the end you can always check the TLS connection using network sniffer software such as WireShark.
Of course if you only leave a connection open to the SSL port of the server, and you receive the server certificate, you can be pretty certain the mail did not appear from the blue sky anyway.
You can safely assume that if you are able to connect and send, that the tunnel you're delivering the mail to is secure.
The SmtpClient code is solid and you can trust it. If it fails to connect securely after you've asked it to, it throws an exception, so you'll know something is not like you were expecting.
I am trying to build a program that will connect to an IP address (preferably that of a router) to a specific port (mainly 80) and will try to authenticate and then go on with further actions.
I started without knowing how to communicate with the router/server so i did this:
while (tcpSocket.Available > 0)
{
int input = tcpSocket.GetStream().ReadByte();
But it always gets a tcpSocket.Available = 0
So then i found out that i have to send a specific cmd for it to talk to me.
http://msdn.microsoft.com/en-us/library/cc247846.aspx
and made this
var client = new TcpClient(ip, port);
var data = Encoding.GetEncoding(1252).GetBytes(cmd);
var stm = client.GetStream();
stm.Write(data, 0, data.Length);
Now I dont understand how to format the cmds the cmd based on this http://www.ietf.org/rfc/rfc2941.txt
Would be 37 - 1?
Thank you for reading
P.S dont know if i should point this to SuperUser or ServerFault
I think you need to go back to simpler questions and investigations.
First: What protocol is actually running on the server you are connecting to? Port 80 suggests it is HTTP (port 80 is typically reserved for HTTP). Telnet typically runs on port 23.
If it is HTTP you need to follow the protocol defined in RFC 2616 (with the authentication options defined in RFC 2617).
Even simpler yet: connect to the server using PuTTY (or other preferred telnet client). What do you need to do in order to log in? If it is a telnet server then it will probably show a banner followed by a login prompt. You will type the username followed by return, then it will show you a password prompt. If it is a HTTP server then it will probably show you nothing at all, but type HTTP/1.0 (return) HEAD / (return) and you should see a HTTP message response. Whatever you need to do using PuTTY, your program will need to do exactly the same thing.
I am trying to create a simple xmpp client that connects to Gtalk.
The first part of the handshake seems to work.
Ror the TLS handshake I created a client SslStream, connected to the intended server (talk.google.com) and successfully got authenticated .
The first SSlStream.Read is to receive the greeting reply, it went fine . I do a SslStream.write to send my first command, but when i do my Sslstream.Read() to get the reply , i get this error."System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine."
Can anyone point me to the right direction?
I am using code very similar to the example on msdn http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx
except that I switch from a Network stream to a Sslstream when TLS is negotiated.
netStream.Flush();
sslStream = new SslStream(netStream,
true,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null
);
sslStream.AuthenticateAsClient("talk.google.com");
I'd try using one of the existing XMPP libraries for .Net:
Jabber-Net: http://code.google.com/p/jabber-net/
agsXMPP: http://www.ag-software.de/agsxmpp-sdk/
Even if you don't use of these libs, you'll get some good ideas from looking at the code.
In this case, you probably want:
sslStream.AuthenticateAsClient("gmail.com");
where gmail.com is the domain name from the JID you're trying to log in as.