Sending legit phishing emails from *.data.gov

[CyberGod]

In this thread I will discussion how I was able to customize emails from api.data.gov and send it to a user of your choice.

Code :-

You must reply before you can see the hidden data contained here.

By inspecting the page we can see all the default values

Turns out all the values are able to be changed in the request on the clients side so that is what I did.

Some issue that I came across was the limit on the first_name parameter, meaning the contents of the email was limited. I was able to bypass this limit restriction using another paramter.

This is a cool method of inboxing phishing emails for example if i was targeting someone on *.data.gov i could craft this fully legit email.

 

[hhhhh]

hi

 

[ghost247]

thanks

 

[DaxtonNC]

V

In this thread I will discussion how I was able to customize emails from api.data.gov and send it to a user of your choice.

Code :-
[Hidden content]

By inspecting the page we can see all the default values

Turns out all the values are able to be changed in the request on the clients side so that is what I did.

Some issue that I came across was the limit on the first_name parameter, meaning the contents of the email was limited. I was able to bypass this limit restriction using another paramter.

This is a cool method of inboxing phishing emails for example if i was targeting someone on *.data.gov i could craft this fully legit email.

Onload

 

[emoxy]

wattt

 

[DonDanino]

Thanks

 

[tharkii]

chchch

 

[SUMIT_BRO]

mn

 

[Dondoni]

mhg

 

[DarkVenom]

thankyou for this awesome post

 

[MOKSHMAIN]

Thank you for this <3

 

[Lord-Sin]

nn

 

[michaeldiamond]

hell

 

[nothing1010]

very good method

 

[hein_rich]

Thanks.

 

[ChQP]

ok

 

[Zx48325666]

wow

 

[blackhack]

Tggy

 

[danny4pf]

This is quite interesting.. I'm on this topic aswell

 

[yUossef789]

Man you are smart wow