Daily Blog #392: Exploring Extended MAPI Part 6

Exploring Extended MAPI Part 6 by David Cowen - Hacking Exposed Computer Forensics Blog



Hello Reader,
        I will continue my testing next week with multiple user accounts modifying a message but one thing has caught my attention. I have noticed that for Office 365 atleast the X-Originating IP header has returned and id also present in the Extended MAPI data.

As seen below the test message I have been working with and replying to has an X-Originating IP header set.

Exploring Extended MAPI Part 5 by David Cowen - Hacking Exposed Computer Forensics Blog

This is interesting to me as for some time most services have been dropping this header or placing the IP address of the mail server in its place. In this case its showing the IP address of the Tmobile NAT gateway since I was connected to my phone's hotspot when I sent this message.

I need to test this again using the web interface but I'm always happy when old useful headers come back to life.


This is a 19-part series on Exploring Extended MAPI. You can find the rest of the posts here

Post a Comment