Ready to Start Your Career?

Email Web Beacon

Mr Craig Fox's profile image

By: Mr Craig Fox

February 1, 2018

So I assume some of you are aware of this <a href="" target="_blank">Email Web Beacon</a> it's been around for a while and still not used to it's full potential but today for *reasons* I needed to get some WAN IP addresses of some computers which where very tricky get hold of. I went down the route of an Email Beacon to do this, as, well...there are tools out there but most aren't effective, or they get the IP address of the SMTP server at best. So when you want something done sometimes you have to do it yourself.Long story short, essentially all you do is:
  • Send the target an email - [they don't even need to respond, they just need to read it]
  • Once they open the email, I have put a hidden 1x1 pixel image within it which will load with the email
  • The image points to a php script on my server and runs to do...whatever I want, in this case steal system info/IP addresses
  • It then creates a log file with the IP address (WAN/Internet accessible), there operating system and browser
Spoiler alert: It worked like a charm.I simply setup XAMPP (with apache/php on it) configured the port (and port forwarded on my router), enabled apache mod rewrite so it will legitimately be an image which is converted to php when executed and created my php script to steal the info and log it. This may sound a little fiddly and it was, but within ~1 hour or so it was up and running smoothly to do the job. In my testing phase I took some screen shots as reference, see below:Inserting the HTML image [NOTICE the this is because anything after ? in the URL is ignored, however this way I can track who I sent the email to[caption id="" align="aligncenter" width="614"] Email Preview[/caption]
[caption id="" align="aligncenter" width="618"]target receiving the email Target receiving the email.[/caption]
[caption id="" align="aligncenter" width="1168"]target opening email Target opening email.[/caption]
[caption id="" align="aligncenter" width="994"]log file put on server Log file put on my server.[/caption] As you can see, this is very effective! what's more is there are a lot more things you can do. One of which I recently experimented with is to send an HTTP BASIC AUTH request, whereby the target would receive a login pop-up when they open the email asking them to re-login, amongst many other things. Moreover, this isn't restricted to email either, it's essentially anything that loads images - websites, forums and so on.Obviously, some email clients will countermeasure this, but surprisingly most of them don't, and if you're crafty enough (encode URL's etc) you can bypass a lot of AV filters too.This, of course, is all in the name of research and development purposes.Anyway, rather than you guys have to re-create the whole thing I saved the scripts and even created an installer because I am kind like that :) so you can have the same thing up and running in minutes. If you wanna make a donation then <a href="" target="_blank">please do so here</a> and thanks in advance.<a href="" target="_blank">DOWNLOAD the scripts/installer here</a>, very easy to setupNote: That is for Linux, I'll make a Windows version soon.For anyone curious about the scripts I made without wanting to download, here:
  • Setup bash script:
  • PHP Script:
Schedule Demo