Email Spoofing

General technological topics without their own forum go here

Email Spoofing

Post by limdis on Tue Jan 17, 2012 9:04 pm
([msg=63740]see Email Spoofing[/msg])

I decided to check my catch-all email address' spam folder for the lulz today. My attention immediately fell onto the the from column and there were several emails that "apparently" I had sent myself.

So, now I'm doing some research. I've known what email spoofing is for a long time and know that getting little tools to make it happen are really easy to come by. However, I want to know the ins and outs mechanics behind how it's done, how is it allowed to be done, and from a forensic perspective, how to combat it. Looking through the forums here didn't yield any real information other than a wiki link. Anyone have any good links or experience knowledge I would appreciate it. 8-)
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1429
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Email Spoofing

Post by LoGiCaL__ on Tue Jan 17, 2012 10:48 pm
([msg=63751]see Re: Email Spoofing[/msg])

Here is a link that I found pretty informative which scratches the surface of each topic in question with other links that are useful in understanding.

http://www.windowsecurity.com/articles/Email-Spoofing.html
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: Email Spoofing

Post by limdis on Tue Jan 17, 2012 11:12 pm
([msg=63759]see Re: Email Spoofing[/msg])

Sweet thanks for the link. Something I'm going to play with tomorrow is not just hiding the from label but also the IP in the email as well. Will TOR (for example) change that? Or will it still show general location of the sender?
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1429
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Email Spoofing

Post by mShred on Tue Jan 17, 2012 11:24 pm
([msg=63760]see Re: Email Spoofing[/msg])

limdis wrote:Sweet thanks for the link. Something I'm going to play with tomorrow is not just hiding the from label but also the IP in the email as well. Will TOR (for example) change that? Or will it still show general location of the sender?

Tor will only spoof something if your application is tunneling through it. Say you're using Firefox or some other web browser, you'd have to configure the proxy settings to go through localhost on port 9050, if I remember correctly. Using a VPN is much easier, because everything automatically tunnels through it.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1767
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Email Spoofing

Post by LoGiCaL__ on Tue Jan 17, 2012 11:28 pm
([msg=63761]see Re: Email Spoofing[/msg])

Possibly if the mail server is through a website. I never tried it with TOR, it would be interesting to see the results of that. Keep me updated. One experiment I was going to work on since I have several old shitty pc's laying around was to re-purpose them, set up a mail server and try to mimic an open relay (which was mentioned in the above article) to see if I could get it to work or not.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: Email Spoofing

Post by limdis on Wed Jan 18, 2012 12:17 am
([msg=63763]see Re: Email Spoofing[/msg])

I'll play with it and see what turns out. If I get any profit I'll post some pics. Been digging through multiple articles and a few pdfs on how its been done in the past. All of it is really interesting. Turns out I was completely wrong on how email works in the first place. Just something I never put any thought into. Funny, the simple things lol

-- Thu Jan 19, 2012 3:51 pm --

Alright so any pre setup online services are either unsafe, flood you with junk mail and/or your message with adds, and all are (simply put) just not worth the time. I even came across one that wanted you to "log into your email account" from their prompt so that you could get a verification that the email was sent. Hahaha fail admin, fail.

Did get my hands on a couple simple mailers coded in visual basic that allowed for much greater options, and that got me thinking about just writing my own, specifically to work how I want it to. That way ensuring that it will work how I want it to and not having to fight through troubleshooting another tool.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1429
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests