[WEB SECURITY] How to find out the IP address of the sender in mail.

Shlomi Narkolayev shlominar at gmail.com
Wed May 12 23:59:01 EDT 2010


If email headers didn't work for you, there is a nice trick that I
occasionally use: prepare an HTML page that displays a wmv file/Java applet or any
other object that opens a direct TCP connection, send them an email with some
social engineering, something like "Here I store my bank account
passwords...", and add the link to this HTML :-)
Even if he uses an HTTP proxy, you'll get his real IP.

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com


On Wed, May 12, 2010 at 6:06 PM, Rob Fuller <jd.mubix at gmail.com> wrote:

> Get them to send you a Facebook invite? ;-)
>
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
> Ignore this:
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
>
>
> On Mon, May 10, 2010 at 1:51 PM, Mike Duncan <Mike.Duncan at noaa.gov> wrote:
>
>>
>> Email is a lot like snail-mail really. You can receive mail from an
>> original non-existing, masked, and/or non-routable address of an SMTP
>> server. Making things worse, you will more than likely need some legal
>> reason to get an SMTP provider to divulge information about their
>> customers who may have sent the message.
>>
>> Unfortunately, unless the original, correct IP address was sent with the
>> message, you are going to be doing a lot of backtracking up the SMTP
>> chain of servers sent to transfer the message. Most messages have this
>> chain of SMTP servers listed within the SMTP headers of the message.
>> This will get you to at least the original mail server, but it may not
>> exist in the real world and/or may be a mail-relay agent which will not
>> allow you to know who (human hopefully) sent the message. Not to
>> mention the headers are sometimes modified to hide or obfuscate this
>> information -- i.e. SPAM.
>>
>> Mike Duncan
>> ISSO, Application Security Specialist
>> Government Contractor with STG, Inc.
>> NOAA :: National Climatic Data Center
>>
>>
>> On 05/10/2010 02:59 AM, dhirajsmahajan at gmail.com wrote:
>> > Hey hi,
>> >
>> > I want to know the sender IP address from which the mail has been sent
>> > to me. Does anyone know how to find out? I checked the "show original" in
>> > Gmail but it doesn't show any IP address; the IP address present is of the
>> > Gmail server. I want to have the sender's IP address.
>> >
>> > Thanks in advance.
>> >
>> > --
>> > Thanks & Regards,
>> >
>> > Dhiraj S Mahajan,
>> > IT Consultancy , Vayam Technologies(formerly iBilt Technologies Limited),
>> > SEI-CMMI level 5 , ISO 9001:2000 ,
>> > ISO 27001 , 124 , Thapar House, Janpath , New Delhi 110001
>> > Mob: +919766500456
>
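
The backtracking up the chain of SMTP servers that Mike Duncan describes in the quoted message, as an added Python example that is not part of the original thread. The sample message, host names, addresses and the `trusted_by` parameter are constructed assumptions; it walks the `Received` headers oldest-first and marks which hops carry a non-routable address and which were recorded by a server you control.

```python
import email
import ipaddress
import re

# Constructed sample: hypothetical hosts; 203.0.113.25 (documentation range)
# stands in for a public address.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123; Mon, 10 May 2010 02:59:40 -0400
Received: from relay.internal (unknown [10.1.2.3])
\tby mail.sender.example with ESMTP id def456; Mon, 10 May 2010 02:59:38 -0400
Received: from [192.168.1.77] (helo=desktop)
\tby relay.internal with SMTP id ghi789; Mon, 10 May 2010 02:59:35 -0400
From: someone@sender.example
Subject: constructed test message

body
"""

# Ranges that cannot be traced from outside the sender's own network.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_hops(raw, trusted_by=("mx.recipient.example",)):
    """Return hops oldest-first as dicts: by, ip, routable, trusted."""
    hops = []
    # Each relay prepends its header, so reversed() yields the oldest hop first.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())        # unfold continuation lines
        m = IP_RE.search(flat.split(" by ", 1)[0])  # peer address is in the "from" clause
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None                         # malformed literal, treat as unknown
        by = BY_RE.search(flat)
        by_host = by.group(1) if by else None
        hops.append({
            "by": by_host,
            "ip": str(ip) if ip is not None else None,
            "routable": ip is not None and not any(ip in n for n in NON_ROUTABLE),
            # Only a header written by a server you control is reliable;
            # everything below it could have been forged by the sender.
            "trusted": by_host in trusted_by,
        })
    return hops
```

In the constructed sample, the only hop that is both routable and recorded by a trusted server is the sending mail server, not the sender's desktop.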