伪造发件人方法

这两日用到了python的发送邮件功能,恰好又想起来wordpress发送给我的邮件都是形如[email protected]的虚拟地址,于是我就上网查找了下伪造邮件发件人的方案。网上这些资料非常多,以下是个人感兴趣的部分内容的汇总。

一、python之smtplib库

Simple Mail Transfer Protocol (SMTP) is a protocol which handles sending e-mail and routing e-mail between mail servers. Python provides smtplib module which defines an SMTP client session object that can be used to send mail to any Internet machine with an SMTP or ESMTP listener daemon. Here is a simple syntax to create one SMTP object which can later be used to send an email:

  import smtplib
  smtpObj = smtplib.SMTP( [host [, port [, local_hostname]]] )

Here is the detail of the parameters:

  • host: This is the host running your SMTP server. You can specifiy IP address of the host or a domain name like tutorialspoint.com. This is optional argument.

  • port: If you are providing host argument then you need to specifiy a port where SMTP server is listening. Usually this port would be 25.

  • local_hostname: If your SMTP server is running on your local machine then you can specify just localhost as of this option.

An SMTP object has an instance method called sendmail, which will typically be used to do the work of mailing a message. It takes three parameters:

  • The sender – A string with the address of the sender.
  • The receivers – A list of strings, one for each recipient.
  • The message – A message as a string formatted as specified in the various RFCs.

Example:

Here is a simple way to send one email using Python script. Try it once:

#!/usr/bin/python
import smtplib
sender = '[email protected]'
receivers = ['[email protected]']
message = """From: From Person <[email protected]>
To: To Person <[email protected]>
Subject: SMTP e-mail test
This is a test e-mail message.
"""
try:
smtpObj = smtplib.SMTP('localhost')
smtpObj.sendmail(sender, receivers, message)
print "Successfully sent email"
except SMTPException:
print "Error: unable to send email"

二、linux之mail命令 


# echo hello | mail -s ’12306′ [email protected] -- -f [email protected]

注意,-f前面有两个短横线,后面为发件人地址。

三、asp之jmail组件 


<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<% If Request("action") = "send" Then %>
<%
	Dim strSubject
	Dim strEmail
	Dim strMailAdress
	Dim strSender
	Dim strContent
	Dim strFromer
	strSubject = Request("title")
	strContent = Request("content")
	strSender = Request("Name")
	strEmail = Request("to")
	strMailAddress = Request("smtp")
	strMailUser = Request("usr")
	strMailPass = Request("pwd")
	Set JMail = Server.CreateObject("JMail.Message")
	JMail.Charset = "gb2312"
	JMail.From = Request("From")
	JMail.FromName = strSender
	JMail.Subject = strSubject
	JMail.MailServerUserName = strMailUser
	JMail.MailServerPassword = strMailPass
	JMail.Priority = 3
	JMail.AddRecipient(strEmail)
	JMail.Body = strContent
	JMail.Send(strMailAddress) %>
<Script>
alert('没报错就可能成功啦!');
</Script>
<%
Else %>
<style type="text/css">
<!--
body { margin-top: 0px;margin-bottom: 0px;}td {
font-size: 12px;
text-decoration: none;}--></style>
<title>JMailSpoof v0.1</title><table width="500" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#666666">
<tr><td height="40" bgcolor="#E3E3E3"><div align="center">JMailSpoof by lake2</div></td></tr>
<tr><td><table width="100%" height="392" border="0" align="center" cellpadding="1" cellspacing="1">
<form name="form" method="post" action="?action=send">
<tr bgcolor="#FFFFFF">
<td align="center"><div align="left">SMTP服务器</div></td>
<td><input name="smtp" type="text" id="smtp" size="22"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td align="center"><div align="left">用户名</div></td>
<td><input name="usr" type="text" id="usr" size="22"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td align="center"><div align="left">密码</div></td>
<td><input name="pwd" type="text" id="pwd" size="22"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td align="center"><div align="left">收件人邮箱</div></td>
<td><input name="to" type="text" id="to" size="22"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td align="center"><div align="left">发件人邮箱</div></td>
<td><input name="from" type="text" id="from" size="22">
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td width="110" align="center"><div align="left">邮件主题</div></td>
<td width="288"><input name="title" type="text" id="title" size="22">
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="15" align="center"><div align="left">发件人姓名</div></td>
<td>
<input name="name" type="text" id="name" size="22"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="213" align="center"><div align="left">内容:<br>
</div></td>
<td><textarea name="content" cols="50" rows="15"></textarea></td>
</tr>
<tr bgcolor="#FFFFFF">
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="提交"></td>
</tr>
</form></table></td>
</tr></table>
<% End If %>

四、php之mail()函数 

<?php

if (isset($_REQUEST['fakename'])) //if "fakename" is filled out, send email
{ //send email
    $sendto = $_REQUEST['sendto'];
    $fakename = $_REQUEST['fakename'];
    $subject = $_REQUEST['subject'];
    $message = $_REQUEST['message'];
    mail($sendto, $subject, $message, "From: $fakename");
    echo "Play 4 fun.";
} else
//if "fakename" is not filled out, display the form
{
    echo "
<form method='post' action='mailform.php'>
Send to: <input name='sendto' type='text' /> <br />
Fake name: <input name='fakename' type='text' /> <br />
Subject: <input name='subject' type='text' /> <br />
Message: <br />
<textarea name='message' rows='15' cols='40'></textarea> <br />
<input type='submit' />
</form>";
}
?>

五、web之site网站

  1. DeadFake网站,地址为http_//www.deadfake.com/。
  2. 很多虚拟主机的邮件功能都可以。例如cpanel的web邮件服务中的就可以自己填写发件人邮箱。
  3. 自己建立SMTP服务器即可。防止现在各主流SMTP因为监控发件人信息导致发送不出去。