How to bug Email
Results 1 to 2 of 2

Thread: How to bug Email

  1. #1

    How to bug Email

    How to bug an Email
    by Soda_Popinsky

    Overview-
    How to bug an email to find the IP of the user that reads it, and how to prevent being bugged. This code is written in php with a mail function. This tutorial will give you email notification when your bugged email is read.

    Most modern email clients by default have HTML and scripting on. This tutorial will take advatage of that. In the scenario where a victim is being attacked and taunted by someone jumping through email accounts, this tutorial will provide an IP address in the case that the attacker is not using a proxy, and mistakenly leaves HTML and scripting on in their emails. I do not encourage taking the law into your own hands, I do encourage law enforment or administrators to look at this tutorial.

    Required is a webserver with PHP installed. Create a text file with the extension ".php" with the following code, using a raw text editor such as vi or notepad:
    Code:
    <?php
    
    //YOUR Email Address Here
    $to = "Whatever@Wherever.com";
    
    $IP = getenv("REMOTE_ADDR");
    header ("Content-type: image/png");
    $img_handle = ImageCreate (1, 1) or die ("Cannot Create image"); 
    $back_color = ImageColorAllocate ($img_handle, 0, 10, 10); 
    imagecolortransparent ( $img_handle , $back_color);
    ImagePng ($img_handle);
    
    $body = "Image viewed by " . $IP . " on " . date("D dS M,Y h:i a");
    $subject = "Image has been viewed";
    
    mail($to, $subject, $body);
    ?>
    Inside the code, notice these lines:
    Code:
    //YOUR Email Address Here
    $to = "Whatever@Wherever.com";
    This should be the only thing you need to modify. It is the email address you want the notification to be sent to. Notice these next set of lines:
    Code:
    $IP = getenv("REMOTE_ADDR");  //This will grab the readers IP address. It may be a proxy address, may not be.
    header ("Content-type: image/png"); //creates a 1 x 1 image
    $img_handle = ImageCreate (1, 1) or die ("Cannot Create image"); 
    $back_color = ImageColorAllocate ($img_handle, 0, 10, 10);  //makes that pixel transparent
    imagecolortransparent ( $img_handle , $back_color);   //creates the image
    ImagePng ($img_handle);
    About now you should test if the script will work. Upload the script to your server, and point your browser to it. You should recieve an email from your server if it is properly configured to handle the mail funtion in the script. It will contain your IP and the time and date you accessed it.

    Setting up the email

    This will depend on your client, but you should be able to paste in something like this-
    Code:
    <html><body>Your email body text<img src="http://yourserver.com/Yourbuglocation.php"></body></html>
    In Outlook, you need to set the email to an HTML email, as opposed to rich text or anything else. Then you send the email to the email address you need traced. Although I would test the html and script on other email clients first, because errors are dead giveaways of your intentions.


    Preventing bugs

    http://informationweek.securitypipel.../news/18901439

    This link tells us that almost half of spam is bugged. This means by opening a bugged email, you are flagged as a potential sale, therefore encouraging spam to your address. It is important to disable HTML and scripting in your client for this reason, as well as other reasons. Configuration varies by client to disable scripting. In Outlook, we go to tools-options-security tab- and we select restricted as our security zone. Make sure your restriced security zone settings are tight.

    Thats all-
    Comments and criticism welcome.

  2. #2
    Someone requested I add code for those without sendmail.
    Code:
    <?php 
    
    $IP = getenv("REMOTE_ADDR");
    header ("Content-type: image/png");
    $img_handle = ImageCreate (1, 1); 
    $back_color = ImageColorAllocate ($img_handle, 0, 10, 10); 
    imagecolortransparent ( $img_handle , $back_color);
    ImagePng ($img_handle);
    
    $body = "Image viewed by " . $IP . " on " . date("D dS M,Y h:i a") . "\n";
    
    $fn = "hits.txt";
    $fp = fopen($fn, "a");
    $write = fputs($fp, $body);
    fclose($fp);
    
    ?>
    This will create hits.txt if it doesn't exist. Remember to modify permisions if you need to.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •