Sending Fake Mail/MAIL FORGERY/MAIL SPOOFING
Ever thought of having freedom to send mail from any email id? Fortunately this is possible and very easy to perform. Mail spoofing is performed by manipulating the ‘email header’ of an email in such a way that it looks like sent from a legit user of email and not from the original sender. E-Mail spoofing is possible because SMTP(protocol used to send E-mail) does not provide a mechanism for authentication of email sender. In this post I will teach you how to create your own email forge, well if you want to send forge mail without getting deep into the internals still you can send mail by using these sites
But for true geeks we will go deep and create our own email forger, which will help us understand the working in a better way and hence will get more interesting.
NOTE: Every email contains sender and receivers address in its header so if you send a fake mail to someone then you might get caught.
- http://www.emkei.cz/
-Ask google for more
But for true geeks we will go deep and create our own email forger, which will help us understand the working in a better way and hence will get more interesting.
Let’s begin
-First of all you need to create an account in a free file hosting site (I recommend http://www.000webhost.com) and choose a free domain.
-now, let’s create these two files:
1. First we are creating the html file which is shown to the user, I haven’t well designed it because more design would have complicated the code, well it serves the purpose. Paste this code in a notepad and save as “index.html” (without quotes).
<html>
<title>Hackaholic email forger</title>
<body align="center">
<form action="mail.php" method="post">
From:<input type="text" name="sid"><br/><br/>
Send to: <input type="text" name="rid"><br/><br/>
Subject:<input type="text" name="sub"><br/><br/>
Body: <textarea name='b' rows='15' cols='40'> </textarea><br/><br/>
<input type="submit" value="send mail" />
</form>
</body>
</html>
2. Again paste following code in the notepad and save as “mail.php”.
<?php
$to = $_POST['rid'];
$subject =$_POST['sub'];
$message = $_POST['b'];
$from = $_POST['sid'];
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>
-Now login to your 000webhost account and open file manager
-Upload these 2 files (index.html, mail.php) to PUBLIC_HTML folder.
And you’re done, open your website (using your domain) and you will find a webpage like this(not actually like this, I made some mischievous changes )
Let’s try to understand what mail.php is doing
<?php
It tells that the file is going to have some php coding.
$to = $_POST['rid'];
$subject =$_POST['sub'];
$message = $_POST['b'];
$from = $_POST['sid'];
$headers = "From: $from";
In php, ‘$’ sign is used to denote the variables, so here we are creating five variables namely to, subject, message, from & header. Names are self explanatory. ” _POST[]” is a array of variables sent by “POST” method of http, here we’re using it to receive information from our html form and storing the values of textboxes into the corresponding variables.
mail($to,$subject,$message,$headers);
mail() is a php function which is used to send mail.
echo "Mail Sent.";
It will show the confirmation of mail being sent.
As you might have guessed, mail spoofing is a really cool way to play pranks with your friends but it is also used widely by hackers to successfully perform phishing attacks. But if you are going using it for your cruel deeds then you shouldn’t, because email spoofing is traceable and you will get caught. Latter we will have a post on email tracing too, so stay tuned.