Email Web Beacon

February 1, 2018 | Views: 4474

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

So I assume some of you are aware of this <a href=”” target=”_blank”>Email Web Beacon</a> it’s been around for a while and still not used to it’s full potential but today for *reasons* I needed to get some WAN IP addresses of some computers which where very tricky get hold of. I went down the route of an Email Beacon to do this, as, well…there are tools out there but most aren’t effective, or they get the IP address of the SMTP server at best. So when you want something done sometimes you have to do it yourself.

Long story short, essentially all you do is:

  • Send the target an email – [they don’t even need to respond, they just need to read it]
  • Once they open the email, I have put a hidden 1×1 pixel image within it which will load with the email
  • The image points to a php script on my server and runs to do…whatever I want, in this case steal system info/IP addresses
  • It then creates a log file with the IP address (WAN/Internet accessible), there operating system and browser

Spoiler alert: It worked like a charm.

I simply setup XAMPP (with apache/php on it) configured the port (and port forwarded on my router), enabled apache mod rewrite so it will legitimately be an image which is converted to php when executed and created my php script to steal the info and log it. This may sound a little fiddly and it was, but within ~1 hour or so it was up and running smoothly to do the job. In my testing phase I took some screen shots as reference, see below:

Inserting the HTML image [NOTICE the this is because anything after ? in the URL is ignored, however this way I can track who I sent the email to

email preview

Email Preview

target receiving the email

Target receiving the email.

target opening email

Target opening email.

log file put on server

Log file put on my server.


As you can see, this is very effective! what’s more is there are a lot more things you can do. One of which I recently experimented with is to send an HTTP BASIC AUTH request, whereby the target would receive a login pop-up when they open the email asking them to re-login, amongst many other things. Moreover, this isn’t restricted to email either, it’s essentially anything that loads images – websites, forums and so on.

Obviously, some email clients will countermeasure this, but surprisingly most of them don’t, and if you’re crafty enough (encode URL’s etc) you can bypass a lot of AV filters too.

This, of course, is all in the name of research and development purposes.

Anyway, rather than you guys have to re-create the whole thing I saved the scripts and even created an installer because I am kind like that 🙂 so you can have the same thing up and running in minutes. If you wanna make a donation then <a href=”” target=”_blank”>please do so here</a> and thanks in advance.

<a href=”″ target=”_blank”>DOWNLOAD the scripts/installer here</a>, very easy to setup

Note: That is for Linux, I’ll make a Windows version soon.

For anyone curious about the scripts I made without wanting to download, here:

  • Setup bash script:
  • PHP Script:
Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



Is Linux Worth Learning in 2020?
Views: 299 / December 14, 2019
How do I Get MTA Certified?
Views: 895 / December 12, 2019
How much does your PAM software really cost?
Views: 1346 / December 10, 2019
How Do I Get into Android Development?
Views: 1725 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?