• What Are SPF Records & Their Impact?

    Hello guys, Hacker Wahab here. Today I am going to show an old bug which only a few pentesters know about. Many pentesters and hackers only check a website's DNS records for subdomain takeover and skip SPF record testing.

    What Are SPF/TXT Records?

    An SPF (Sender Policy Framework) record is a Domain Name System (DNS) record, published as a TXT record starting with "v=spf1", that lists which mail servers are permitted to send email on behalf of your domain. Its purpose is to stop spammers from sending messages with forged sender addresses at your domain. Note that SPF is checked against the envelope sender (the SMTP MAIL FROM / Return-Path), and what a receiving server does with the result depends on its own policy and on whether the domain also publishes DMARC; a missing record simply gives the receiver nothing to enforce.

    Checking for a Missing SPF Record:-

     There are various ways to check whether a website is missing an SPF record, but the most common and popular one is kitterman.com. Any DNS client that can query TXT records works just as well.

    Steps to Check SPF Records on a website:-
    1. Go to https://www.kitterman.com/spf/validate.html
    2. Enter the target domain, e.g. target.com (do not add http://, https:// or www)
    3. Click the button to fetch the SPF record (if any)

      If the tool shows an SPF record, the domain is not vulnerable to this particular issue (although the record itself may still be weak; see the bonus tip below). If it returns nothing, then "HURRAY! You found a bug."


    Attack Scenario & PoC:-

    When there is no SPF record, an attacker can spoof email via any fake mailer such as Emkei.cz. The attacker can send an email with the display name "Support" and the sender address "support@target.com" and, combined with a social engineering pretext, take over a user's account. Even a victim who is aware of phishing is easily tricked when the message appears to come from the legitimate domain.

    Similar HackerOne Reports:-

    https://hackerone.com/reports/54779 Reward: $500
    https://hackerone.com/reports/120 Reward: $500

    Bonus Tip:-

    Before reporting the issue, send a test message to an inbox you control and check the Received-SPF (or Authentication-Results) header. If the result is "softfail" or "fail", it is not a bug and reporting it will likely be closed as N/A. Report only if the result is "none" (no record published) or "neutral".
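    The check in the steps above and the header rule in this bonus tip can both be automated offline. The following is an added example (not code from the original post): it takes a zone's TXT answers, works out the SPF result an unlisted sending host would receive under RFC 7208, applies the post's reporting rule, and extracts the result token from the Received-SPF header of a test message. The sample TXT answers, the `.example` domain names, the header text and the `triage` verdict labels are all constructed for illustration; for a real target, feed in the output of `dig +short txt target.com`.

```python
import re

# Constructed sample TXT answers for hypothetical zones (not real DNS lookups).
# Replace with the output of `dig +short txt target.com` for a real target.
SAMPLE_TXT = {
    "nospf.example":    ['"google-site-verification=abc123"'],
    "neutral.example":  ['v=spf1 include:_spf.example.net ?all'],
    "softfail.example": ['v=spf1 ip4:203.0.113.0/24 ~all'],
    "hardfail.example": ['v=spf1 mx -all'],
    "open.example":     ['v=spf1 +all'],
    "noall.example":    ['v=spf1 ip4:203.0.113.5'],
    "double.example":   ['v=spf1 -all', 'v=spf1 ~all'],
}

SPF_VERSION = re.compile(r"^v=spf1(?:\s|$)", re.IGNORECASE)
ALL_TERM = re.compile(r"^([+\-~?]?)all$", re.IGNORECASE)
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_records(txt_records):
    """Pick out the SPF record(s) from a zone's TXT answers (quotes from dig stripped)."""
    cleaned = [r.strip().strip('"') for r in txt_records]
    return [r for r in cleaned if SPF_VERSION.match(r)]


def unauthorized_sender_result(txt_records):
    """Result a sending host that matches none of the listed mechanisms would get.

    Assumption: the attacker's host is not covered by any ip4/ip6/a/mx/include
    mechanism, so only the trailing "all" term (or its absence) decides the outcome.
    """
    recs = spf_records(txt_records)
    if not recs:
        return "none"          # no record: the receiver has nothing to enforce
    if len(recs) > 1:
        return "permerror"     # RFC 7208 section 4.5: multiple SPF records are a permanent error
    for term in recs[0].split()[1:]:
        m = ALL_TERM.match(term)
        if m:
            return QUALIFIER_RESULT[m.group(1) or "+"]   # a bare "all" means "+all"
        if term.lower().startswith("redirect="):
            return "redirect"  # outcome is whatever the redirect target's record says
    return "neutral"           # RFC 7208 section 4.7: no match and no redirect => neutral


def triage(result):
    """Apply the post's reporting rule to an SPF result (labels are this example's own)."""
    if result in ("fail", "softfail"):
        return "n/a"           # receiver has grounds to reject or flag: usually closed as N/A
    if result in ("none", "neutral", "pass"):
        return "report"        # "pass" via +all is worse than no record: every sender passes
    return "manual"            # permerror / redirect: resolve by hand before deciding


RECEIVED_SPF = re.compile(r"^Received-SPF:\s*([A-Za-z]+)", re.IGNORECASE | re.MULTILINE)


def received_spf_result(raw_headers):
    """Extract the result token from the Received-SPF header of a test message."""
    m = RECEIVED_SPF.search(raw_headers)
    return m.group(1).lower() if m else None


def audit(domain, txt_records):
    """Summarise one zone: its SPF record(s), the expected result and the triage verdict."""
    result = unauthorized_sender_result(txt_records)
    return {"domain": domain, "spf": spf_records(txt_records),
            "result": result, "triage": triage(result)}


if __name__ == "__main__":
    for domain, txt in SAMPLE_TXT.items():
        print(audit(domain, txt))
    # Constructed headers from a test message sent via a fake mailer to an inbox we control.
    sample_headers = (
        "Received-SPF: softfail (mx.example.net: domain of transitioning "
        "support@target.example does not designate 198.51.100.7 as permitted sender)\n"
        "From: Support <support@target.example>\n"
    )
    hdr = received_spf_result(sample_headers)
    print(hdr, "->", triage(hdr))
```

    The "noall.example" case is worth noticing: a record that lists some hosts but ends without any "all" term still yields "neutral" for everyone else, so it is as reportable as a missing record even though the Kitterman check shows a record.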

     Thanks for Reading

