TheTAZZone - Internet Chaos

Tutorial – How to bug Email

ORIGINALLY POSTED BY NOKIA FOR THETAZZONE/TAZFORUM HERE

Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within it’s Network

[code]Soda_Popinsky has very kindly allowed this excellent tutorial of his to be hosted on the TAZ.

Enjoy
[/code]

How to bug an Email
by Soda_Popinsky

Overview-
How to bug an email to find the IP of the user that reads it, and how to prevent being bugged. This code is written in php with a mail function. This tutorial will give you email notification when your bugged email is read.

Most modern email clients by default have HTML and scripting on. This tutorial will take advatage of that. In the scenario where a victim is being attacked and taunted by someone jumping through email accounts, this tutorial will provide an IP address in the case that the attacker is not using a proxy, and mistakenly leaves HTML and scripting on in their emails. I do not encourage taking the law into your own hands, I do encourage law enforment or administrators to look at this tutorial.

Required is a webserver with PHP installed. Create a text file with the extension “.php” with the following code, using a raw text editor such as vi or notepad:

[code]

//YOUR Email Address Here
$to = “Whatever@Wherever.com”;

$IP = getenv(“REMOTE_ADDR”);
header (“Content-type: image/png”);
$img_handle = ImageCreate (1, 1) or die (“Cannot Create image”);
$back_color = ImageColorAllocate ($img_handle, 0, 10, 10);
imagecolortransparent ( $img_handle , $back_color);
ImagePng ($img_handle);

$body = “Image viewed by ” . $IP . ” on ” . date(“D dS M,Y h:i a”);
$subject = “Image has been viewed”;

mail($to, $subject, $body);
?>[/code]

Inside the code, notice these lines:

[code]//YOUR Email Address Here
$to = “Whatever@Wherever.com”;[/code]

This should be the only thing you need to modify. It is the email address you want the notification to be sent to. Notice these next set of lines:

[code]$IP = getenv(“REMOTE_ADDR”); //This will grab the readers IP address. It may be a proxy address, may not be.
header (“Content-type: image/png”); //creates a 1 x 1 image
$img_handle = ImageCreate (1, 1) or die (“Cannot Create image”);
$back_color = ImageColorAllocate ($img_handle, 0, 10, 10); //makes that pixel transparent
imagecolortransparent ( $img_handle , $back_color); //creates the image
ImagePng ($img_handle);[/code]

About now you should test if the script will work. Upload the script to your server, and point your browser to it. You should recieve an email from your server if it is properly configured to handle the mail funtion in the script. It will contain your IP and the time and date you accessed it.

Setting up the email

This will depend on your client, but you should be able to paste in something like this-

[code]Your email body text[/code]

In Outlook, you need to set the email to an HTML email, as opposed to rich text or anything else. Then you send the email to the email address you need traced. Although I would test the html and script on other email clients first, because errors are dead giveaways of your intentions.

Preventing bugs

[url]http://informationweek.securitypipe…m/news/18901439[/url]

This link tells us that almost half of spam is bugged. This means by opening a bugged email, you are flagged as a potential sale, therefore encouraging spam to your address. It is important to disable HTML and scripting in your client for this reason, as well as other reasons. Configuration varies by client to disable scripting. In Outlook, we go to tools-options-security tab- and we select restricted as our security zone. Make sure your restriced security zone settings are tight.

Thats all-
Comments and criticism welcome.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Someone requested I add code for those without sendmail.

[code]

$IP = getenv(“REMOTE_ADDR”);
header (“Content-type: image/png”);
$img_handle = ImageCreate (1, 1);
$back_color = ImageColorAllocate ($img_handle, 0, 10, 10);
imagecolortransparent ( $img_handle , $back_color);
ImagePng ($img_handle);

$body = “Image viewed by ” . $IP . ” on ” . date(“D dS M,Y h:i a”) . “\n”;

$fn = “hits.txt”;
$fp = fopen($fn, “a”);
$write = fputs($fp, $body);
fclose($fp);

?>[/code]

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertise

If you'd like to advertise on The Mutt ( aka TheTAZZone.com ) feel free to contact us at: administration[at]thetazzone.com

TheTAZZone is a non-commercial entity. We do not sell any products or services ourselves. Our revenue comes from advertising and donations only.

We appreciate your support! Your advertising revenue ( or donations ) helps us to continue to upgrade, improve, and offset the costs of maintaining this site.

Donations can be made through the page ' Donate '.