icantsec

cybersecurity | coding | tech

Getting information from users with an image embed

On

Getting information from users with an image embed

By icantsec

tl;dr: What information can I get from someone opening an email or loading an image without actually clicking anything?
https://github.com/icantsec/img-info-grabber


Originally, I wanted to see if I could get an IP address from someone opening an email, but soon realized you can get more information such as read receipts, or attach it to a forum or discussion board and capture information that way as well.


While there are a few ways to go about this, I wanted the easiest way to get a proof of concept working, and figured this would be to make a php script that captured and stored this information in a log file, then have it return as an image.


This is simple enough; first, we start the PHP script to get the desired info, in this case a PID we pass as a parameter and  their IP:

<?php
//get unique identifier from link (?pid=XXX)
$name = $_GET["pid"];
//get IP from visitor
$ip = $_SERVER['REMOTE_ADDR'];

Next, we create a unique file name for this user and store their info (there are obviously more elegant solutions, but for a proof of concept this is fine):

//create random file name
$fName = uniqid() . '.txt';
//open file and put info into it
$myfile = fopen($fName, "w")
$txt = $name . "\n" . $ip;
fwrite($myfile, $txt);
fclose($myfile);

Now we need to actually give them an image for this link to work as an image link, so we load our image file, in our case a black square:

$name = 'black.png';
$fp = fopen($name, 'rb');

The important part, we need to return this page as an image – we will set the content headers and dump the picture.

// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
// dump the picture and stop the script
fpassthru($fp);
exit;

That’s it. You can replace an image link with that link as follows:

<img src="img.php?pid=<user_identifier>">


Now, while not a big part of the guide, I had some trouble figuring out how to actually put this into an email with a free and easy to test solution. For this, you simply need to make a blank html page with the link, then select all and copy it. From there, most email providers will let you paste it into an email and it works like an image embed. The HTML would look about the same as the above HTML markup.


Notes:

  • -You can use this wherever you can embed an image
  • -Some solutions load the images through a proxy (such as the Gmail app, but outlook does not)


Feel free to use the code in the github link at the top to learn, use, or criticize.

Leave a Reply

Your email address will not be published. Required fields are marked *