1
00:00:00,730 --> 00:00:02,020
Contact forms.

2
00:00:03,360 --> 00:00:12,240
Need I say more? Before Twitter and other social media applications and their widespread use, there

3
00:00:12,270 --> 00:00:13,860
were contact forms.

4
00:00:14,790 --> 00:00:21,030
And now people choose to tweet directly to the company or organization or whatever it is.

5
00:00:22,070 --> 00:00:29,960
So, yeah, I'm being a little glib. I realize that there are contact forms still in use, widespread

6
00:00:29,960 --> 00:00:32,060
actually, in different web applications.

7
00:00:33,530 --> 00:00:38,090
And it's possible to use the emailing system behind such a form.

8
00:00:39,430 --> 00:00:42,940
All right, so in this lesson, we are going to try such a scenario.

9
00:00:43,750 --> 00:00:46,780
So I want you to open Kali, and it's always low, go into bWAPP.

10
00:00:48,040 --> 00:00:49,750
Over to the mail header injection.

11
00:00:51,950 --> 00:00:59,060
Now, due to the protocol used, the name can change, so for this one, you can use the SMTP

12
00:00:59,060 --> 00:01:01,300
mail header injection as well.

13
00:01:02,950 --> 00:01:06,700
Anyway, it is a simple contact form.

14
00:01:07,820 --> 00:01:09,200
At least you can think it is.

15
00:01:10,500 --> 00:01:14,670
All right, so let's view the source to check for anything suspicious.

16
00:01:16,160 --> 00:01:17,870
Well, there's nothing to see here.

17
00:01:19,280 --> 00:01:22,340
So first, I want to show you the configuration here.

18
00:01:23,870 --> 00:01:25,520
So view settings.php.

19
00:01:26,750 --> 00:01:31,490
So here's my SMTP configuration. I'll just change it to these values.

20
00:01:32,640 --> 00:01:36,600
Because a few times I've gotten some errors, but this works fine.

21
00:01:37,660 --> 00:01:40,810
OK, so now let's view the mail injection page.

22
00:01:43,280 --> 00:01:49,850
And it validates the email address that you enter for medium level as well as high.
23
00:01:51,760 --> 00:01:53,040
Then it sets the e-mail server.

24
00:01:54,900 --> 00:02:00,690
So then if the level is set to high, it uses another function called mail check 2.

25
00:02:01,970 --> 00:02:05,540
Then it creates the mail body and sends it off.

26
00:02:06,690 --> 00:02:11,250
So mail check 2 is in this file, and I'm going to find it.

27
00:02:13,210 --> 00:02:14,330
Well, that didn't take long.

28
00:02:14,350 --> 00:02:14,860
Here it is.

29
00:02:16,270 --> 00:02:21,130
So it decodes the data and then uses a built-in function to validate the email.

30
00:02:22,110 --> 00:02:23,940
OK, so go back to Firefox.

31
00:02:25,290 --> 00:02:26,940
Enable FoxyProxy.

32
00:02:29,750 --> 00:02:31,040
Fill in the form.

33
00:02:32,200 --> 00:02:33,930
I'm going to use this email address.

34
00:02:35,130 --> 00:02:35,910
And then send.

35
00:02:37,380 --> 00:02:39,870
So Burp will capture the request for us.

36
00:02:40,890 --> 00:02:42,390
And here is the data.

37
00:02:44,290 --> 00:02:49,780
And then at the back end, the server will use this email address as the sender as well.

38
00:02:51,080 --> 00:02:56,840
And it will send the email to bWAPP recipient at mailinator dot com.

39
00:02:58,450 --> 00:03:01,900
And we can send the request to the Repeater for using later.

40
00:03:02,990 --> 00:03:04,000
And then let it go.

41
00:03:05,420 --> 00:03:09,800
So now go to the bWAPP recipient's inbox on mailinator dot com.

42
00:03:10,940 --> 00:03:12,530
And here's the email.

43
00:03:13,820 --> 00:03:19,640
And this is all the email information. The Subject and From headers are very important to us.

44
00:03:20,590 --> 00:03:22,890
Actually, we can modify

45
00:03:23,890 --> 00:03:27,200
only the From header for medium, that's OK.

46
00:03:27,580 --> 00:03:31,180
So go back to Burp and let's open the Repeater tab.
47
00:03:32,270 --> 00:03:40,880
I'm going to inject some mail headers into this request, so type percent sign zero A, C C, colon,

48
00:03:40,890 --> 00:03:44,280
another inbox at WIRB mail dot com.

49
00:03:45,330 --> 00:03:47,460
And then percent zero A.

50
00:03:48,480 --> 00:03:51,630
And that's the carriage return character, by the way.

51
00:03:53,080 --> 00:03:53,770
And then send it.

52
00:03:56,090 --> 00:04:04,410
And we get a response, so as you can see, the mail is sent. So now let's go to Chrome and open WIRB

53
00:04:04,430 --> 00:04:05,450
mail dot com.

54
00:04:12,050 --> 00:04:14,120
And then another inbox.

55
00:04:17,130 --> 00:04:20,340
Here's the email, so look at the headers.

56
00:04:22,130 --> 00:04:26,180
So this inbox is present in the header.

57
00:04:27,350 --> 00:04:29,030
OK, so go back to Burp.

58
00:04:31,030 --> 00:04:37,030
So these kinds of vulnerable forms can be used to spread phishing mails and just all kinds of dreadful

59
00:04:37,030 --> 00:04:37,450
stuff.

60
00:04:39,670 --> 00:04:45,790
So now we can do a quick example. You can create a phishing email body by yourself.

61
00:04:47,180 --> 00:04:54,050
But for me, I'm going to use some templates that I happen to have found on GitHub, so open Firefox

62
00:04:54,050 --> 00:04:55,100
and go to this address.

63
00:04:56,370 --> 00:04:58,500
Now, if you scroll down, you're going to see the templates.

64
00:04:59,700 --> 00:05:01,920
There are different email templates here and...

65
00:05:03,150 --> 00:05:07,770
OK, so I'm going to choose basic full plan. It looks like this.

66
00:05:10,090 --> 00:05:13,620
Now, I think it's a simple and convincing template.

67
00:05:13,690 --> 00:05:14,800
Yeah, so download it.

68
00:05:16,360 --> 00:05:19,360
And it's in the Downloads folder, so extract the files.

69
00:05:21,210 --> 00:05:29,130
Now go to the template code under this directory and open the HTML document with a text editor.
70
00:05:32,230 --> 00:05:34,660
Copy the source and go back to Burp.

71
00:05:36,400 --> 00:05:37,780
Open the Decoder tab.

72
00:05:39,130 --> 00:05:40,030
Paste it here.

73
00:05:41,030 --> 00:05:46,580
And from the menu on the right, choose URL encode, then

74
00:05:47,730 --> 00:05:50,100
copy the encoded output.

75
00:05:51,040 --> 00:05:52,570
Go back to the Repeater tab.

76
00:05:54,090 --> 00:05:55,110
Delete this part.

77
00:05:57,520 --> 00:05:59,440
And add another return character.

78
00:06:01,060 --> 00:06:03,070
Then add the message header.

79
00:06:05,090 --> 00:06:06,290
Paste the output here.

80
00:06:07,710 --> 00:06:08,580
Then send.

81
00:06:10,820 --> 00:06:14,960
So the response came back, so that means there's no problem.

82
00:06:15,950 --> 00:06:19,490
So now go to the recipient's address and click to have a look.

83
00:06:21,390 --> 00:06:27,630
Now, I didn't add access code and I didn't want to make something else, but I can always make it pretty

84
00:06:27,630 --> 00:06:29,180
and convincing if you want to use it.

85
00:06:31,010 --> 00:06:36,170
Also, you can copy the e-mail format your customer uses and use that.

86
00:06:37,680 --> 00:06:42,690
I know people who can even click the link in this email, so people still do.

87
00:06:43,970 --> 00:06:49,790
So with a little bit of effort, you will spread a really good phishing e-mail and you'll have lots of

88
00:06:49,790 --> 00:06:50,270
friends.