Creating a PHP Fake-Mailer!

Posted: 06/20/2012 in G.N.A.HackTeam, Hacking, Info
Tags: , , , , ,

There is a function in PHP called mail(). The Normal Use is to send a message to an e-mail with a subject. However, you can also configure the headers!

The headers are really useful for a Mailer. You can pretend to be an Other Person (ex. I can send mail as Bill Gates from microsoft.com!), or configure the Mail Client you use (iPhone Mail, Thunderbird…)

I think that you should start creating a Fake-Mailer in PHP, so let’s do it!

HTML Form:

So, we need first to create an HTML Form so as to enter the Data. Create a file named “index.html” and type these:

<form method=”GET” action=”send.php”>

<p>To: <input type=”text” name=”to” /></p>
<p>From-Name: <input type=”text” name=”name” /></p>
<p>From-Email: <input type=”text” name=”from” /></p>
<p>Content-Type: <input type=”radio” name=”con” value=”p” /> Plain-Text || <input type=”radio” value=”h” name=”con” /> HTML</p>
<p>Subject: <input type=”text” name=”subject” /></p>
<p>Content:</p>
<textarea name=”content” rows=”30″ cols=”60″ class=”textm”>Your E-Mail Here…</textarea>
<p>

<input type=”submit” value=”Send E-Mail” ></p>
</form>

PHP Form:

We also need a PHP Form! Create a new File called “send.php” and enter these:

<?php
$to=$_REQUEST[‘to’];
$subject=$_REQUEST[‘subject’];
$name=$_REQUEST[‘name’];
$from=$_REQUEST[‘from’];
$type=$_REQUEST[‘con’];
$content=$_REQUEST[‘content’];
if(isset($to) && isset($name) && isset($from) && isset($content) && isset($type)){
           if($type == ‘h’){
                      $type=’text/html’;
           }else{
                      $type=’text/plain’;
           }
mail($to,$subject,$content,”From:$name<$from>\r\nContent-Type:$type”);
echo(“<p style=”color:green”>E-Mail Sent!</p>”);
}
else{
         echo(“<p style=”color:red”>E-Mail NOT Sent!</p>”);
}
?>

Explanation:

HTML Form:

If you know some  HTML, you know this is a Page of Inputs that you can enter text. It has also two Radio Buttons so that you select whether you want your message to be Plain Text or HTML.

The “name” attributes of each input are vital, since the PHP “gets” their value by these unique names!

PHP Form:

At the PHP Form, we first store in Variables the Values of the Inputs of the HTML Page. In this way, we can handle them more easily!

Then, we check if all the inputs are entered using the isset() function. If they are set, it proceeds and checks what is the value of the Radio Buttons, Plain Text or HTML.

After, it sends the E-Mail using the mail() function and displays a Green E-Mail Sent!

However, If one input is not entered, the Mail Will not be sent, and a E-Mail NOT Sent message will be displayed!

You must install PHP to your Machine, if you want to run it locally! Otherwise, you should create an Account to a Web Hosting Service and Upload the Two Files there!


I hope the Tutorial is easily-readable for everyone!

<?aK@7zbr3akR/>

Advertisements
Comments
  1. Please make sure that you have read the Disclaimer here: http://is.gd/bbMTJL

  2. Tiger-M@te says:

    just awsm..but i think there should be a “?>” at the last of php script 😀

  3. Taz says:

    I tried the html but could not get the radio button to work or the send i am not a html expert any advice please

  4. nguyen says:

    How do i add bcc or cc options

    • On the PHP script you can add some extra Headers like: $headers .= ‘From: $name BCC: ‘. implode(“,”, $bccmail) . “\r\n”;
      And then replace the mail(…) line with:
      mail($to, $subject ,$content,$headers);

      But you also need to create another text input and a PHP variable to store the bcc address to $bccmail
      (Like the $name, $from etc….)

  5. nguyen says:

    I have this code . how do i fix it : (add bcc option )

    <?php
    session_start();
    if ($_POST['Submit'] == 'Send')
    {
    if (strcmp(md5($_POST['user_code']),$_SESSION['ckey']))
    {
    header("Location: sendmail.php?msg=ERROR: Invalid Verification Code");
    exit();
    }

    $to = $_POST['toemail'];
    $subject = $_POST['subject'];
    $message = $_POST['message'];
    $fromemail = $_POST['fromemail'];
    $fromname = $_POST['fromname'];
    $lt= '’;
    $sp= ‘ ‘;
    $from= ‘From:’;
    $headers = $from.$fromname.$sp.$lt.$fromemail.$gt;
    mail($to,$subject,$message,$headers);
    header(“Location: sendmail.php?msg= Mail Sent!”);
    exit();
    }
    ?>

    Email Pranks

    Fake Email Prank Script By Srikanth

    Please do not misuse this script. Use it only for having FUN.

    From Name:

    From Email:

    To Email:

    Subject:

    Your Message:

    Verification Code:

    <?php if (isset($_GET['msg'])) { echo " $_GET[msg] “; } ?>

    WARNING: Use it at your own risk. Do not use this for Spamming!.

    • The line which starts with $headers change it to:
      $headers =$from.$fromname.$sp.$lt.$fromemail.$gt.”BCC:”.”bcc@email.com”;

      But you could use the code from this blog post because it is more readable and easier to modify…

      • Also, if you want to improve your skills, you need to start programming… I suggest you learn PHP and HTML first, and then a scripting language like Python or Perl…Otherwise, you will always ask for help and you won’t be able to accomplish hard hacking tasks… 😉

      • nguyen says:

        Thank sir. I know. but i need this code now. because i don’t have times. I think you will create this code easy and fast. it’s only have 3 files.

  6. nguyen says:

    I desired you will help me. this is once . I need this code now .Thank sir

  7. harry says:

    i also need a hacker i could do deal with..please leave a reply..Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s