def test_mail_mime_chars_attack(user,
passwd,
smtp_server,
receiveUser,
special_unicode='\xff'):
"""
Test whether the smtp server supports different unicode in MIME FROM header
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Missing UI Rendering Attack"
number = "A13"
subject = "[Warning] Maybe you are vulnerable to the %s attack!" % number
domain = user.split('@')[1]
username = user.split('@')[0]
defense = 'You should reject emails which contains special and not allowed characters in the sender address or add a warning in the UI.'
mime_from = username + special_unicode + '@' + domain
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email,
info=info,
mime_from=mime_from,
defense=defense,
subject=subject,
content=content)
def test_mime_to(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports MIME TO and RCPT TO inconsistency
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Test mime to"
domain = user.split('@')[1]
to = 'admin@' + domain
demo.sendMail(to_email, mime_from=user, info=info, to=to)
def SMTP_mime_from_test():
with open(FUZZ_PATH, 'r') as f:
data = json.load(f)
to_email = receiveUser
for m in data:
mime_from = m
try:
demo = SendMailDealer(user, passwd, smtp, port)
demo.sendMail(to_email, mime_from=mime_from)
logger.info("TEST SMTP mime from:{} ,run succ".format(mime_from))
except Exception as e:
logger.error(e)
sleep()
def test_multiple_value_mime_to(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports multiple email address in MIME TO header.
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Test multiple addresses in 'to' filed"
domain = user.split('@')[1]
new_mime_to = 'admin@' + domain
to = user + ',' + new_mime_to
# MIME TO header can be specified and tested like MIME FROM header
demo.sendMail(to_email, mime_from=user, info=info, to=to)
def test_reverse_mime_from_domain(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports reverse unicode MIME FROM(domain)
:return:
"""
smtp, port = smtp_server.split(":")
mime_from = "test@\u202etest.com\u202d"
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Right-to-left Override Attack"
number = "A14"
subject = "[Warning] Maybe you are vulnerable to the %s attack!" % number
defense = 'You should reject emails which contain these special characters in the sender address or add a warning on UI.'
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email,
info=info,
mime_from=mime_from,
subject=subject,
content=content)
def test_IDN_mime_from_domain(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports IDN MIME FROM(domain)
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"IDN Homograph Attack"
number = "A12"
subject = "[Warning] Maybe you are vulnerable to the A12 attack!"
# username = user.split('@')[0]
mime_from = "admin" + "@xn--80aa1cn6g67a.com"
defense = "You can only display the original address with Punycode character, if a domain label contains characters from multiple different languages."
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email,
info=info,
mime_from=mime_from,
subject=subject,
content=content)
def test_mail_mime_attack(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports MIME FROM and MAIL FROM inconsistency
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"The Inconsistency between Mail From and From headers"
number = "A2"
subject = "[Warning] Maybe you are vulnerable to the %s attack!" % number
domain = user.split('@')[1]
# mime_from can specify any value you like.
mime_from = 'admin@' + domain
defense = '''You should Add a reminder to remind users that the sender is inconsistent with MAIL FROM on UI.'''
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email=to_email,
info=info,
mime_from=mime_from,
subject=subject,
content=content)
def test_multiple_value_mime_from2(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports multiple email address in MIME FROM header.(The specified email address is at the back)
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Multiple Email Addresses Attack"
number = "A5"
subject = "[Warning] Maybe you are vulnerable to the %s attack!" % number
domain = user.split('@')[1]
back_mime_from = 'admin@' + domain
# mime_from can specify in many different situations such like '<*****@*****.**>,<*****@*****.**>','a<*****@*****.**>,b<*****@*****.**>',"'*****@*****.**','*****@*****.**'" ...
mime_from = user + ',' + back_mime_from
defense = '''You should display all sender addresses and remind users that it may be forged emails on UI.'''
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email,
subject=subject,
mime_from=mime_from,
info=info,
content=content)
def test_multiple_mime_from1(user, passwd, smtp_server, receiveUser):
"""
Test whether the smtp server supports multiple MIME FROM headers.(The Specified MIME FROM is above)
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiveUser
info = u"Multiple From Headers Attack"
number = "A4"
subject = "[Warning] Maybe you are vulnerable to the %s attack!" % number
domain = user.split('@')[1]
mime_from1 = 'admin@' + domain
defense = '''You should reject such emails which contain multiple from headers.'''
content = template.format(attack_name=info, number=number, defense=defense)
demo.sendMail(to_email,
info=info,
mime_from=user,
mime_from1=mime_from1,
defense=defense,
subject=subject,
content=content)
def test_login_mail_attack(user, passwd, smtp_server, receiverUser):
"""
:return:
"""
smtp, port = smtp_server.split(":")
demo = SendMailDealer(user, passwd, smtp, port)
to_email = receiverUser
info = u"The Inconsistency between Auth username and Mail From headers"
domain = user.split('@')[1]
mail_from = 'adm1n@' + domain
defense = 'Prohibit sending such emails! '
try:
demo.sendMail(to_email=to_email,
info=info,
mail_from=mail_from,
subject=info,
defense=defense)
except Exception as e:
logger.error(e)
logger.info("attack failed.")
return False
logger.info("attack success!")
return True
def test_normal(user,
passwd,
smtp_server,
receiveUser,
subject,
content,
filename=None,
mime_from1=None,
mime_from2=None,
mail_from=None,
image=None,
mime_from=None):
smtp, port = smtp_server.split(":")
# print(user, passwd, smtp, port, receiveUser, mime_from, subject, content, filename, mime_from1, mime_from2)
demo = SendMailDealer(user, passwd, smtp, port, filename=filename)
demo.sendMail(receiveUser,
mime_from=mime_from,
subject=subject,
content=content,
mime_from1=mime_from1,
mime_from2=mime_from2,
mail_from=mail_from,
image=image)
