1
00:00:00,730 --> 00:00:02,020
Contact forms.

2
00:00:03,360 --> 00:00:12,240
Need I say more? Before Twitter and other social media applications and their widespread use, there

3
00:00:12,270 --> 00:00:13,860
were contact forms.

4
00:00:14,790 --> 00:00:21,030
And now people choose to tweet directly to the company or organization or whatever it is.

5
00:00:22,070 --> 00:00:29,960
So, yeah, I'm being a little glib. I realize that there are contact forms still in use, widespread

6
00:00:29,960 --> 00:00:32,060
actually, in different Web applications.

7
00:00:33,530 --> 00:00:38,090
And it's possible to use the emailing system behind such a form.

8
00:00:39,430 --> 00:00:42,940
All right, so in this lesson, we are going to try such a scenario.

9
00:00:43,750 --> 00:00:46,780
So I want you to open Kali, and it's always going to be bWAPP.

10
00:00:48,040 --> 00:00:49,750
Go over to the mail header injection.

11
00:00:51,950 --> 00:00:59,060
Now, due to the protocol used, the name can change, so for this one, you can see SMTP

12
00:00:59,060 --> 00:01:01,300
mail header injection as well.

13
00:01:02,950 --> 00:01:06,700
Anyway, it is a simple contact form.

14
00:01:07,820 --> 00:01:09,200
At least you can think it is.

15
00:01:10,500 --> 00:01:14,670
All right, so let's view the source to check for anything suspicious.

16
00:01:16,160 --> 00:01:17,870
Well, there's nothing to see here.

17
00:01:19,280 --> 00:01:22,340
So first, I want to show you the configuration here.

18
00:01:23,870 --> 00:01:25,520
So view settings.php.

19
00:01:26,750 --> 00:01:31,490
So here's my SMTP configuration. I'll just change it to these values.

20
00:01:32,640 --> 00:01:36,600
Because a few times I've gotten some errors, but this works fine.

21
00:01:37,660 --> 00:01:40,810
OK, so now let's view the mail injection page.

22
00:01:43,280 --> 00:01:49,850
And it validates the email address that you enter for medium level as well as high.

23
00:01:51,760 --> 00:01:53,040
Then it sets the e-mail server.

24
00:01:54,900 --> 00:02:00,690
So then if the level is set to high, it uses another function called mail check 2.

25
00:02:01,970 --> 00:02:05,540
Then it creates the mail body and sends it off.

26
00:02:06,690 --> 00:02:11,250
So mail check 2 is in this file, and I'm going to find it.

27
00:02:13,210 --> 00:02:14,330
Well, that didn't take long.

28
00:02:14,350 --> 00:02:14,860
Here it is.

29
00:02:16,270 --> 00:02:21,130
So it decodes the data and then uses a built-in function to validate the email.

30
00:02:22,110 --> 00:02:23,940
OK, so go back to Firefox.

31
00:02:25,290 --> 00:02:26,940
Enable FoxyProxy.

32
00:02:29,750 --> 00:02:31,040
Fill in the form.

33
00:02:32,200 --> 00:02:33,930
I'm going to use this email address.

34
00:02:35,130 --> 00:02:35,910
And then send.

35
00:02:37,380 --> 00:02:39,870
So Burp will capture the request for us.

36
00:02:40,890 --> 00:02:42,390
And here is the data.

37
00:02:44,290 --> 00:02:49,780
And then at the back end, the server will use this email address as the sender's email.

38
00:02:51,080 --> 00:02:56,840
And it will send the email to the bWAPP recipient at mailinator.com.

39
00:02:58,450 --> 00:03:01,900
And we can send the request to Repeater for use later.

40
00:03:02,990 --> 00:03:04,000
And then let it go.

41
00:03:05,420 --> 00:03:09,800
So now go to the bWAPP recipient's inbox on mailinator.com.

42
00:03:10,940 --> 00:03:12,530
And here's the email.

43
00:03:13,820 --> 00:03:19,640
And this is all the email information. The Subject and From headers are very important to us.

44
00:03:20,590 --> 00:03:22,890
Actually, we can modify

45
00:03:23,890 --> 00:03:27,200
only the From header for medium, that's OK.

46
00:03:27,580 --> 00:03:31,180
So go back to Burp and let's open the Repeater tab.

47
00:03:32,270 --> 00:03:40,880
I'm going to inject some mail headers into this request, so type percent sign zero A, C C colon,

48
00:03:40,890 --> 00:03:44,280
another inbox at yopmail dot com.

49
00:03:45,330 --> 00:03:47,460
And then percent zero A.

50
00:03:48,480 --> 00:03:51,630
And that's the carriage return character, by the way.

51
00:03:53,080 --> 00:03:53,770
And then send it.

52
00:03:56,090 --> 00:04:04,410
And we get a response, so as you can see, the mail is sent. So now let's go to Chrome and open yopmail

53
00:04:04,430 --> 00:04:05,450
dot com.

54
00:04:12,050 --> 00:04:14,120
And in another inbox.

55
00:04:17,130 --> 00:04:20,340
Here's the email, so look at the headers.

56
00:04:22,130 --> 00:04:26,180
So this inbox is present in the header.

57
00:04:27,350 --> 00:04:29,030
OK, so go back to Burp.

58
00:04:31,030 --> 00:04:37,030
So these kinds of vulnerable forms can be used to spread phishing mails and just all kinds of dreadful

59
00:04:37,030 --> 00:04:37,450
stuff.

60
00:04:39,670 --> 00:04:45,790
So now we can do a quick example. You can create a phishing email body by yourself.

61
00:04:47,180 --> 00:04:54,050
But for me, I'm going to use some templates that I happen to have found on GitHub, so open Firefox

62
00:04:54,050 --> 00:04:55,100
and go to this address.

63
00:04:56,370 --> 00:04:58,500
Now, if you scroll down, you're going to see the templates.

64
00:04:59,700 --> 00:05:01,920
There are different email templates here, and...

65
00:05:03,150 --> 00:05:07,770
OK, so I'm going to choose basic full plain; it looks like this.

66
00:05:10,090 --> 00:05:13,620
Now, I think it's a simple and convincing template.

67
00:05:13,690 --> 00:05:14,800
Yeah, so download it.

68
00:05:16,360 --> 00:05:19,360
And it's in the downloads folder, so extract the files.

69
00:05:21,210 --> 00:05:29,130
Now go to the template code under this directory and open the HTML document with a text editor.

70
00:05:32,230 --> 00:05:34,660
Copy the source and go back to Burp.

71
00:05:36,400 --> 00:05:37,780
Open the Decoder tab.

72
00:05:39,130 --> 00:05:40,030
Paste it here.

73
00:05:41,030 --> 00:05:46,580
And from the menu on the right, choose URL encode, then

74
00:05:47,730 --> 00:05:50,100
copy the encoded output.

75
00:05:51,040 --> 00:05:52,570
Go back to the Repeater tab.

76
00:05:54,090 --> 00:05:55,110
Delete this part.

77
00:05:57,520 --> 00:05:59,440
And add another return character.

78
00:06:01,060 --> 00:06:03,070
Then add the message header.

79
00:06:05,090 --> 00:06:06,290
Paste the output here.

80
00:06:07,710 --> 00:06:08,580
Then send.

81
00:06:10,820 --> 00:06:14,960
So the response came back, so that means there's no problem.

82
00:06:15,950 --> 00:06:19,490
So now go to the recipient's address and click to have a look.

83
00:06:21,390 --> 00:06:27,630
Now, I didn't add CSS code and I didn't want to make something else, but I can always make it pretty

84
00:06:27,630 --> 00:06:29,180
and convincing if you want to use it.

85
00:06:31,010 --> 00:06:36,170
Also, you can copy the e-mail format your customer uses and use that.

86
00:06:37,680 --> 00:06:42,690
I know people who can even click the link in this email, so people still do.

87
00:06:43,970 --> 00:06:49,790
So with a little bit of effort, you will spread a really good phishing e-mail and you'll have lots of

88
00:06:49,790 --> 00:06:50,270
friends.

