So I started this week testing out a few different python tools, to just check if spoofing would possible or difficult. I found this blog https://www.cybrary.it/0p3n/email-spoofing/ . From there I was able to find a couple different tools the first one is able to check whether a domain is spoofeable. The second one is a quick script to actually spoof an email. I needed to first set up a postfix server on my computer in order to use the SimpleEmailSpoofer. After a couple minutes of configuration I was able to successfully spoof an email. Here are the tools I tried out:
https://github.com/BishopFox/spoofcheck
https://github.com/lunarca/SimpleEmailSpoofer
After trying out this tool, I created a simple script that allowed me to replace hrefs within an email. I plan to expand this tool this weekend to swap out multiple areas of an email based on a configuration file, probably using a yaml as the configuration file. Using this tool I plan on generating a unique ID for each of these emails so we would be able to track user interaction with these emails, before sending these emails out whether through the SimpleEmailSpoofer or another method.
No comments:
Post a Comment