testing-for-email-header-injection

Featured

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.

Category: AI & Automation. 12,642 stars, 1468 forks, updated today, Apache-2.0 license.

Quality Score: 99/100

- Stars (weight 20%): 100
- Recency (weight 20%): 100
- Frontmatter (weight 20%): 70
- Documentation (weight 15%): 100
- Issue Health (weight 10%): 50
- License (weight 10%): 100
- Description (weight 5%): 100

Skill Content

# Testing for Email Header Injection

## When to Use

- When testing contact forms, feedback forms, or "email a friend" functionality
- During assessment of password reset email functionality
- When testing newsletter subscription or notification email systems
- During penetration testing of applications that send emails based on user input
- When auditing email-related API endpoints for header injection

## Prerequisites

- Burp Suite for intercepting and modifying HTTP requests
- Understanding of the SMTP protocol and email header structure
- Knowledge of CRLF injection techniques (\r\n sequences)
- Test email accounts for receiving injected emails
- Access to application features that trigger email sending
- Access to SMTP server logs for monitoring injection attempts

## Workflow

### Step 1 — Identify Email Injection Points

```bash
# Identify form fields that end up in email headers:
# - "From" name or email address fields
# - "To" or "CC" fields in sharing features
# - Subject line inputs
# - Reply-To fields

# Common endpoints:
# POST /contact - Contact forms
# POST /share - Share via email features
# POST /invite - Invitation systems
# POST /api/send-email - Email API endpoints
# POST /forgot-password - Password reset forms

# Test basic functionality first
curl -X POST http://target.com/contact \
  -d "name=Test&email=test@test.com&subject=Hello&message=Test message"
```

### Step 2 — Test for CRLF Header Injection

```bash
# Inject additional email headers via CRLF in the ema...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content, not just the same category.

testing-for-host-header-injection (Testing & QA, Featured; by mukul975; 12,642 stars; updated today)
Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.

html-injection-testing (Testing & QA, Featured; by sickn33; 39,227 stars; updated today)
Identify and exploit HTML injection vulnerabilities that allow attackers to inject malicious HTML content into web applications. This vulnerability enables attackers to modify page appearance, create phishing pages, and steal user credentials through injected forms.

smtp-penetration-testing (Testing & QA, Solid; by davila7; 27,681 stars; updated today)
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.

smtp-penetration-testing (Testing & QA, Solid; by zebbern; 4,215 stars; updated today)
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.

smtp-penetration-testing (Testing & QA, Listed; by aiskillstore; 335 stars; updated today)
This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.