profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/chenjj/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Jianjun Chen chenjj CA, USA https://www.jianjunchen.com/ I do security research and make security tools.

chenjj/CORScanner 684

Fast CORS misconfiguration vulnerabilities scanner🍻

chenjj/espoofer 399

An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻

chenjj/Awesome-HTTPRequestSmuggling 40

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

chenjj/dionaea 2

update dionaea for hpfeeds

chenjj/kippo 2

update kippo for hpfeeds

chenjj/chenjj.github.io 1

Jianjun Chen's Homepage

chenjj/gsoc-test 1

simple socket program,reads arbitrary input from one socket and writes it to another socket.

chenjj/ipv6-attack-detector 1

Google Summer of Code 2013 project, supported by The Honeynet Project organization.

chenjj/hostoftroubles.com 0

https://hostoftroubles.com

mzweilin/hpfeeds 0

Honeynet Project generic authenticated datafeed protocol

push eventchenjj/Awesome-HTTPRequestSmuggling

Jianjun Chen

commit sha cebdb4f22fbfd2f50a2e7f03c383af287b503750

Integer Overflow Enables HTTP Smuggling

view details

push time in 8 days

issue closedchenjj/espoofer

One more thing please help.

In last message you told no need to use smtp server if you are in client mode the what should I do exactly. 1st step - clone your tool in termux 2step - change victim address and sender address only. 3rd step - run the tool in client mode. Using cmd - python3 espoofer.py -m c -id client_a1

Are the above steps perfects which I should follow exactly Sam only or I have to edit something more in the tool. Please help and also once again sorry for irritating by asking questions.

closed time in a month

prajwal0909

issue closedchenjj/espoofer

How to change postmaster in the spoofed email address in client_a12

Hello last request I am able to spoof emails I am using smtp-relay.gmail.com and when I use the tool in client mode a12 the email is received by victim but the victim receives the email from postmaster@prajwalextensionsoftware.42web.io but it should be instagram@gmail.com in above address I want to change postmaster. The above domain prajwalextensionsoftware.42web.io is mine but I want to send the spoofed email from instagram@gmail.com to the victim deepalipandit82@gmail.com. please help I don't think anybody can help please I have asked all to help but no one is helping please help me to change the postmaster word. One more important note you may think how it is client_a12 so I have changed the word server to client in the testcases.py

closed time in a month

prajwal0909

issue closedchenjj/espoofer

Email is not spoofed.

Please help me victim is receiving the email but it is not spoofed. I have read a issue in which you told not all testcases can bypass and told to try creating your own testcases but i dont know how to create it please can you guide me i have read the slides provided by you but i didn't understood please help me it is most important for me. I hope you will help.

closed time in a month

prajwal0909

issue closedchenjj/espoofer

eMail body configuration

First of all thanks to share this for us. I just wonder how can I configure the email message as html. In the "testcases" file I want to add html format mail body. Is it possible to create a mail body path?

closed time in a month

alaskaetu

issue closedchenjj/espoofer

Sorry for disturbing but please help me.

Soory for irritating you but my parents won't give me money to buy a host vps so please can suggest a free one.

closed time in a month

prajwal0909

issue closedchenjj/espoofer

TimeoutError: [Errno 110] Connection timed out

When I try to run I got this error message. Please help me

closed time in a month

aksoytugrul

issue closedchenjj/espoofer

Bad sequence of commands

Trying the client mode with a local SMTP server, running on port 587 with STARTTLS as optional and I am getting the following error. Any ideas?

Thank you for this project btw!

image

closed time in a month

analyserdmz

issue closedchenjj/espoofer

Issue, Client mode

Hello, I have been trying to use the Client mode for Case 1, I get the email but it is not spoofed. I tried using case 2 and 3, but I keep getting this error:

Client does not have permissions to send as this sender

Do you have any idea how to fix it? Thank you

closed time in a month

Razora97

issue closedchenjj/espoofer

detail steps to use tool

can you make any video or pdf including screenshots to install and use this tool. including all steps need to install this

closed time in a month

gauravdeore98

issue commentchenjj/espoofer

How to change postmaster in the spoofed email address in client_a12

Hi, I'm not sure if Gmail is still vulnerable to client_a12, as they may have fixed those two cases. But the general idea of exploiting inconsistencies between different email components is hard to fix.

Espoofer is a security testing tool. Just like other security testing tools, it cannot guarantee that you can always find vulnerabilities in your targets.

prajwal0909

comment created time in a month

issue commentchenjj/espoofer

Email is not spoofed.

I hope to help you but I'm too busy recently. This tool is not ready for beginners yet, because it requires some manual testing experiences (which can be gained from reading the paper). I hope someone can help to write a detailed guide for beginners.

prajwal0909

comment created time in a month

issue commentchenjj/espoofer

Emails getting bounced.

If you're testing in client mode, there is no need to have an SMTP server. Because espoofer works like a regular email client.

For server mode, I used a VPS server on Banwagonghost.com, which has port 25 open by default. Just follow the README instructions to configure and run espoofer on the VPS.

prajwal0909

comment created time in a month

issue commentchenjj/espoofer

Emails getting bounced.

Hi, sorry that I missed your earlier message. I'm not familiar with smtp2go. I guess the possible bouncing reason is that either the smtp2go server or the Gmail server refuses this message because the message cannot pass their format validation.

As some issues discovered by espoofer have been fixed by some email vendors, you may want to try different test cases or try different email providers.

prajwal0909

comment created time in a month

issue commentchenjj/espoofer

eMail body configuration

Maybe email providers use probability-based algorithms to detect email spam, thus it could be random. Also, the email sending frequency could also be a factor.

alaskaetu

comment created time in a month

push eventchenjj/Awesome-HTTPRequestSmuggling

Jianjun Chen

commit sha fa95e43bddede221cf9d7cdee8be79fdb327fd46

Update README.md

view details

push time in a month

issue commentchenjj/espoofer

eMail body configuration

I just wonder how can I configure the email message as html. In the "testcases" file I want to add html format mail body.

Sure. You can paste your HTML content in the testcases.py.

Is it possible to create a mail body path?

Yes, this would require a few code modifications using Python.

alaskaetu

comment created time in a month

issue commentchenjj/espoofer

TimeoutError: [Errno 110] Connection timed out

It seems that your outgoing port 25 is blocked by your ISP.

aksoytugrul

comment created time in a month

issue commentchenjj/espoofer

Bad sequence of commands

If you're sure that the username/password is correct, please try to add "auth_proto": "PLAIN" to the client_mode option (see below) in config.py, and run the tool again:

"client_mode": {
    "sending_server": ("smtp.gmail.com", 587),
    "username": b"",
    "password": b"",
    "auth_proto": "PLAIN",
}
analyserdmz

comment created time in a month

issue commentchenjj/espoofer

I am stuck on data

Thanks for opening this issue. Unfortunately, I don't have enough cycles to write a detailed guide. I would appreciate it if someone can help with that.

prajwal0909

comment created time in a month

issue commentchenjj/espoofer

TimeoutError: [Errno 110] Connection timed out

Thanks for opening this issue. Could you post your full console log here so that I can help you?

Maybe your ISP blocks outgoing emails to port 25 to prevent spam. In this case, you need to ask for permission from the ISP;

aksoytugrul

comment created time in a month

push eventchenjj/Awesome-HTTPRequestSmuggling

Jianjun Chen

commit sha 2bb83b7edfac090e51ae1b2a6a8a20437e325f82

Update README.md

view details

push time in a month

issue commentchenjj/espoofer

Bad sequence of commands

It seems that your local server doesn't support starttls. You could try to configure your server to enable this feature or set starttls=False in espoofer.

Change starttls to be False in the following code and try again. https://github.com/chenjj/espoofer/blob/63f62718f951e7058580e7ad93dacaa418e6f7a4/espoofer.py#L155

analyserdmz

comment created time in 2 months

issue commentchenjj/espoofer

detail steps to use tool

Thanks for opening this issue. You could follow the usage instructions in README to run the tool. Currently, I don't have enough cycles to write a detailed guide. I would appreciate it if someone can help with that.

gauravdeore98

comment created time in 2 months

issue commentchenjj/espoofer

Issue, Client mode

Thanks for opening this issue. Could you post your full console log here so that I can help you?

FYI: Not all test cases in espoofer can bypass the DMARC authentication on your targets and some have been fixed by email services. You may need to try different test cases, or even develop your own test case according to the idea provided in the slides and paper.

Razora97

comment created time in 2 months

issue closedchenjj/espoofer

Configuration issue

Facing an issue related to configuration

550-Verification failed for any@mailfrom.notexist.easypay.com 550-The mail server does not recognize any@mailfrom.notexist.easypay.com as a valid sender. 550 Sender verify failed

closed time in 2 months

Zaibali9999

issue closedchenjj/espoofer

The Mail is not spoofed

Screenshot_20210703-020110 Screenshot_20210703-020152

closed time in 2 months

MrEoZ-MRZ

issue commentchenjj/espoofer

Issue with Client mode

It seems that the 110 port is running a Dovecot service, not a SMTP services like postfix. You need to specify an SMTP port, normally it's 587.

w1lddog2

comment created time in 2 months

issue commentchenjj/espoofer

Configuration issue

It seems that the domain contains multiple SPF records, which is invalid. I would suggest removing one of them. And make sure your outgoing IP address is included in the SPF record.

You can validate your SPF syntax here: https://mxtoolbox.com/SuperTool.aspx?action=spf%3ahigee.net&run=toolpage

Zaibali9999

comment created time in 2 months

issue commentchenjj/espoofer

The Mail is not spoofed

Not all test cases in espoofer can bypass the DMARC authentication on your targets and some have been fixed by email services. You may need to try different test cases, or even develop your own test case according to the idea provided in the slides and paper.

MrEoZ-MRZ

comment created time in 3 months