Skip to content

A Thunderbird add-on to facilitate forwarding malicious emails to analysts

License

Notifications You must be signed in to change notification settings

rjhansen/suspicious-email-submitter-tb

Repository files navigation

Suspicious Email Submitter

The Suspicious Email Submitter is an extension for common web browsers and email clients that enables the user to easily submit a suspicious email with all the information necessary to a pre-configured destination for further analysis, such as a MISP instance or email address.

This project is hosted by the Computer Incident Response Center for Civil Society (CiviCERT), representing the needs of the at-risk communities Rapid Response Network member organizations serve. The extension will be built to be easily configurable for use by other organizations and communities both within and beyond these communities.

How to use Thunderbird Suspicious Email Submitter addon

The Suspicious Email Submitter requires configuration or a configuration file in order to function. This can be as basic as a destination email address (entered as mailto:[email protected]) in the Server URL of the configuration file.

Globally

In the global menubar there will be an entry, “SES”, with two child items: “Edit configuration” which allows you to view and edit the current configuration, and “About Suspicious Email Submitter”, which will take you to SES’s home on the web.

Toolbars

Both the 3-pane view toolbar and the single-message-view toolbar have a button added labeled “Report via Suspicious Email Submitter”. Once SES is configured, this button will send the email off to whatever MISP upstream has been set up.

Context menu

In the mail context menu there’s a “Report via Suspicious Email Submitter” entry.

Contributing: How can I build it?

You will need Python 3.5 or later to build from source.

  • Download the latest source and uncompress it to a directory of your choice
  • Open a terminal window and change to that directory
  • Run python3 ./make-xpi.py, which will place ses-tb.xpi in your home directory
  • Start Thunderbird
  • Install the .xpi file found in your home directory
  • Restart Thunderbird
  • In Preferences->Toolbar Layout (View->Toolbars->Customize on macOS), click and drag the “Report via Suspicious Email Submitter” button where you like in your Thunderbird toolbar

License

The Suspicious Email Submitter is licensed under GPLv3.

About

A Thunderbird add-on to facilitate forwarding malicious emails to analysts

Resources

License

Stars

Watchers

Forks

Packages

No packages published