Skip to content
/ espoof Public

Email spoofing server written in Python and webextension for email spoofing from browser written in Kotlin (just experiments with kotlin-js to webextension)

License

Notifications You must be signed in to change notification settings

rostegg/espoof

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ESpoof

Compatibility License Badge

ServerExample

Server usage

python3 email-spoof-server.py
Options:
    -i, --hip               The address on which the server will be deployed (by default localhost)
    -p, --hport             Port on which the server will be deployed (by default 8081)
    -s, --sip               The address of SMTP server (by default localhost)
    -d, --sport             Port of SMTP server (by default 25)
    -c, --certificate       Path to SSL certificate for https connection (can be generated using openssl)  

Webextension usage

⚠️ Extension was just experiment with KotlinToJs, better write webextensions in JS to avoid problems with the correct work of the extensions

You can install webextension from package or temporarily install the addon by adding a manifest.json file (tutorial for firefox here)

Build

chmod +x webextension/build.sh
sh webextension/build.sh

Or just use command in 'webextension' directory: ./gradlew runDceKotlinJs --continuous

Extension was tested only on Firefox

After installation in the sidebar, the message sending panel will appear

ExtensionExample

After installation, you need to configure the options in the options section

OptionsExample

More examples in "Example of usage" section

How it work

A http server is being deployed, which receives requests (in json format) to send a message. Then the connection to the SMTP server opens, which sends the SMTP commands via socket, replacing the header "MAIL FROM"

Message format

You can access the server using POST request with json data:

{
  "from":"[email protected]" <email, from which the letter will come>
  "to": "[email protected]" <email, where to send message>
  "sign": "Adam <[email protected]>" <signature of message>
  "subject": "Test information" <subject of letter>
  "text": "This is a test message" <body of letter>
  "user": "user" <optional parameter, require if SMTP server authentication enabled>
  "pass": "password" <optional parameter, require if SMTP server authentication enabled>
  "file": "JVBERi0xLjcKJeLjz9MKOSAwIG9iago8PCAvVHlwZSAvUG...." <optional parameter, base64 content of attachment file>
  "contentType": "aplication/pdf" <optional parameter, MIME type of file>
  "file_name": "file.pdf" <optional parameter, name of attachment file>
}

Access to server through https

If you want to access the server from webextension via https, first you need to add a certificate In firefox it can be done simply: - FireFox -> Options -> Advanced -> Certificates -> View Certificates -> Servers -> Add Exception.

Example of usage

  • Run email-spoof-server.py (for SMTP server i use Postfix)
  • Run extension and fill in the necessary fields in the settings section
  • Fill in the fields in the message sending panel, for example:

Usage1

  • The server responds to the message

Usage2

  • A status message will appear in the browser

Usage3

  • Enjoy

Usage3

About

Email spoofing server written in Python and webextension for email spoofing from browser written in Kotlin (just experiments with kotlin-js to webextension)

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published