import urllib
import urllib2
import hashlib
import random
import re
TRASHMAIL_URL = 'https://www.trashmail.net/'
FIND_NEW_EMAIL = \
re.compile(r'Your new email redirection address is: (.*?)')
def GetTrashMailAddress(redirect_to):
values = dict(
form_source=hashlib.md5(str(random.random())).hexdigest()[:8],
form_dest=redirect_to,
form_nb_redirections='30',
form_expire_days='30',
form_whitelisting='0',
delete_msg_chk='1',
lang='en',
create_submit='Create disposable email address')
data = urllib.urlencode(values)
req = urllib2.Request(TRASHMAIL_URL, data)
response = urllib2.urlopen(req)
return FIND_NEW_EMAIL.search(response.read()).group(1)
Not so long ago, I ran a wiki called SecurePHP. On that wiki, there was one particular article about email injection that received a lot of attention. Naturally, with all the attention came lots of spam. As a result, I disabled editing of the wiki and content stagnated. Still, the email injection article remained popular. About a year later, the server that hosted SecurePHP died and I never had a chance to hook it all back up. I saved the article though and I'm reposting it now. It may be a bit old (I've been away from PHP for a long time), and I didn't write all of it, so feel free to leave comments about needed updates and corrections. Though this article focuses on PHP, it provides a lot of general information regarding email injection attacks. The PHP mail() Function There are a lot of ways to send anonymous emails, some use it to mass mail, some use it to spoof identity, and some (a few) use it to send email anonymously. Usually a web mailform using the mail() funct