Ensure your email has been read
ποΈ β’ π£ β’ π¬
Why?
- In phishing campaign (with the prior agreements of course!), to perform information gathering. (retrieve information about who read, with which browser, at what time etc..)
- Because many SMTP clients don't provide "acknowledgement of receipt" anymore
- For commercial mail, to see who has been attracted by your email, but it is definitely not cool!
Current state is a very naive implementation, maybe enhancements will be made especially for the phishing use case (deal with multiple targets, directly send the email providing a mail list, etc..)
1οΈ Launch smtrackerp
smtrackerp --url [YOUR_EXTERNAL_URL] -t [TARGET_MAIL]2οΈ Insert payload in your mail
smtrackerp will generate a html file containing an invisible image. Insert it in your mail.
Then send it!
3οΈ Wait..
I know, i know .. i'm using ngrok, for testing purpose only
You can use smtrackerp to directly send your mail and then waiting for the "proof of reading".
1οΈ Put the mail body in a file
You could use test/test.html if you want
2οΈ Load your SMTP credential
Via environment variable, the credentials are used to communicate with your SMTP server. I encourage you to save it in a file:
export SMPT_USERNAME=[YOUR_MAIL]
export SMPT_PASSWORD=[YOUR_PASSWORD]and source it
3οΈ Send and wait
smtrackerp send -u [YOUR_EXTERNAL_URL] -r [LIST_OF_RECIPIENTS] -s [MAIL_SUBJECT] -b [BODY_FILENAME] -a [SMP_HOST] -p [SMTP_PORT] --trackWhat the target sees:
What we see:
