List:       websecurity
Subject:    Re: [WEB SECURITY] How to find out the IP address of the sender in
From:       Shlomi Narkolayev <shlominar () gmail ! com>
Date:       2010-05-13 3:59:01
Message-ID: AANLkTimnzGVwP2qfcE0syzQVtO6zfD3UibBSEuyvNSWq () mail ! gmail ! com

If Email headers didn't work for you, there is a nice trick that I
occasionally use: prepare an HTML page that displays a wmv file/Java applet or any
other object that opens a direct TCP connection, send them an Email with some
Social Engineering, something like "Here I store my bank account
passwords...", and add the link to this HTML :-)
Even if he uses an HTTP proxy, you'll get his real IP.

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com


On Wed, May 12, 2010 at 6:06 PM, Rob Fuller <jd.mubix@gmail.com> wrote:

> Get them to send you a Facebook invite? ;-)
>
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
> Ignore this:
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
>
>
> On Mon, May 10, 2010 at 1:51 PM, Mike Duncan <Mike.Duncan@noaa.gov> wrote:
>
>>
>> Email is a lot like snail-mail really. You can receive mail from an
>> original non-existing, masked, and/or non-route-able address of a SMTP
>> server. Making things worse, you will more than likely need some legal
>> reason to get a SMTP provider to divulge information about their
>> customers who may have sent the message.
>>
>> Unfortunately, unless the original, correct IP address was sent with the
>> message, you are going to be doing a lot of backtracking up the SMTP
>> chain of servers sent to transfer the message. Most messages have this
>> chain of SMTP servers listed within the SMTP headers of the message.
>> This will get you to at least the original mail server, but it may not
>> exist in the real world and/or may be a mail-relay agent which will not
>> allow you to know who (human hopefully) sent the message. Not to
>> mention the headers are sometimes modified to hide or obfuscate this
>> information -- i.e. SPAM.
>>
>> Mike Duncan
>> ISSO, Application Security Specialist
>> Government Contractor with STG, Inc.
>> NOAA :: National Climatic Data Center
>>
>>
>> On 05/10/2010 02:59 AM, dhirajsmahajan@gmail.com wrote:
>> > Hey hi,
>> >
>> > I want to know the sender IP address from which the mail has been sent
>> > to me. Does anyone know how to find out? I checked the show original in
>> > Gmail but it doesn't show any IP address; the IP address present is of
>> > the Gmail server. I want to have the sender's IP address.
>> >
>> > Thanks in advance.
>> >
>> > --
>> > Thanks & Regards,
>> >
>> > Dhiraj S Mahajan,
>> > IT Consultancy , Vayam Technologies(formerly iBilt Technologies Limited),
>> > SEI-CMMI level 5 , ISO 9001:2000 ,
>> > ISO 27001 , 124 , Thapar House, Janpath , New Delhi 110001
>> > Mob: +919766500456
>
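
Added example, not part of the original thread: a Python sketch of the header backtracking Mike Duncan describes, walking the Received chain oldest-first and marking which recorded peer addresses are routable. The sample message, its hostnames and addresses are constructed (documentation and private ranges), and the helper names received_chain and earliest_routable are hypothetical.

```python
import email
import ipaddress
import re

# RFC 1918, loopback, link-local and CGNAT ranges: addresses that identify
# nothing outside the network that recorded them.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
# Bracketed IPv4 literal in the "from" clause, e.g. "(host [198.51.100.7])".
FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: webmail submission, one internal hop, one public relay.
SAMPLE = """\
Received: from mail-out.example.com (mail-out.example.com [198.51.100.7])
    by mx.example.org with ESMTP id a1; Mon, 10 May 2010 09:00:03 +0000
Received: from internal.example.com (internal.example.com [10.1.2.9])
    by mail-out.example.com with ESMTP id b2; Mon, 10 May 2010 09:00:02 +0000
Received: by 10.1.2.3 with HTTP; Mon, 10 May 2010 09:00:01 +0000
From: sender@example.com
Subject: constructed sample

body
"""

def received_chain(raw_message):
    """Return hops oldest-first as (from_ip or None, by_host or None, routable)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reversed() walks origin -> recipient.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())           # unfold continuation lines
        m = FROM_IP.search(text.split(" by ", 1)[0])
        by = re.search(r"\bby (\S+)", text)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:                        # e.g. [999.1.1.1]
            ip = None
        routable = ip is not None and not any(ip in n for n in NON_ROUTABLE)
        hops.append((str(ip) if ip else None, by.group(1) if by else None, routable))
    return hops

def earliest_routable(hops):
    """Oldest hop with a routable peer address. Headers written before the
    first server you trust can be forged, so treat the result as a lead."""
    return next(((ip, by) for ip, by, ok in hops if ok), None)
```

On the constructed sample the earliest routable address is the provider's outbound relay, which is the situation the original poster describes: the webmail hop records no client address at all.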
