From: iang@cs.berkeley.edu (Ian Goldberg)
To: cypherpunks@cyberpass.net
Message Hash: 0b011f80426cf6de7c680c68f342e79d409368b0032793cd32d37b7fee52af88
Message ID: <5sg43l$v7v$1@abraham.cs.berkeley.edu>
Reply To: <19970807192254.40.qmail@zipcon.net>
UTC Datetime: 1997-08-08 22:10:38 UTC
Raw Date: Sat, 9 Aug 1997 06:10:38 +0800
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Sat, 9 Aug 1997 06:10:38 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Exit Remailer Suggestion
In-Reply-To: <19970807192254.40.qmail@zipcon.net>
Message-ID: <5sg43l$v7v$1@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
In article <199708080936.KAA01816@server.test.net>,
Adam Back <aba@dcs.ex.ac.uk> wrote:
>
>Mike Duvos <enoch@zipcon.net> writes:
>> Someone wrote:
>
>(That someone was me).
>
>> > What about AOL disks? We need shorter lived, disposable
>> > remailers as exit remailers... Let them take the heat,
>> > while the real remailers walk. Lets see a series of
>> > "exitman" remailers. Exitman remailers are walking targets
>> > left to fend for themselves as long as they may.
>>
>> By reconfiguring current remailers to use a public Email service
>> as the last link in the chain, we tap a potentially infinite
>> supply of disposable accounts, on advertising-supported service
>> providers with skins as thick as those of the bulk emailers.
>>
>> Sounds like a plan to me.
>
>OK, lets _do_ it!
Sounds good to me. Hotmail makes a note of the IP address that connected
to it, but luckily there's no shortage of HTTP proxies out there...
- Ian
#!/usr/bin/perl -w
##
## sendhotmail: pipe an RFC822 mail message into this, and it will send it
## out from a hotmail account via an HTTP proxy
##
## Initial revision 19970808 by Ian Goldberg <ian@cypherpunks.ca>
##
## Set the following to your proxy host and port.
## Look at the files pointed at by
## http://ircache.nlanr.net/Cache/Tracker/caches/
## for sample entries, but most of them don't allow just anyone to connect
## to hotmail through them.
$proxyhost = 'proxy.slt.lk';
$proxyport = 8080;
## This is your hotmail login name and password
$login = ## Fill this in yourself
$passwd = ## Fill this in yourself
## End Configuration
sub escapetext {
my $t = $_[0];
$t =~ s/([\000-\037\200-\377\{\}\|\\\^\[\]\`\"\<\>\:\@\/\;\?\=\&\%\.\#])/"%".unpack('H2',$1)/eg;
$t =~ s/ /+/g;
$t;
}
## Parse the incoming mail (note that we don't handle continuation headers)
## Also, the To, Cc, and Bcc headers ought to be in a form hotmail understands
## (no full names, etc.). We try to do the stripping properly.
$to = '';
$subject = '';
$cc = '';
$bcc = '';
while(<STDIN>) {
if (/^To:\s+(.*)/io) {
$to = $1;
$to =~ s/\(.*?\)//g;
$to =~ s/\".*?\"//g;
$to = &escapetext($to);
} elsif (/^Subject:\s+(.*)/io) {
$subject = &escapetext($1);
} elsif (/^Cc:\s+(.*)/io) {
$cc = $1;
$cc =~ s/\(.*?\)//g;
$cc =~ s/\".*?\"//g;
$cc = &escapetext($cc);
} elsif (/^Bcc:\s+(.*)/io) {
$bcc = $1;
$bcc =~ s/\(.*?\)//g;
$bcc =~ s/\".*?\"//g;
$bcc = &escapetext($bcc);
}
last if /^$/;
}
$msg = &escapetext(join("\r\n", <STDIN>));
use LWP;
## Begin magic
$ua = new LWP::UserAgent;
$ua->proxy('http', "http://${proxyhost}:${proxyport}/");
$url = new URI::URL 'http://www.hotmail.com/cgi-bin/password.cgi';
$request = new HTTP::Request('POST', $url);
$request->header(Pragma => 'no-cache');
$request->content("login=${login}&curmbox=ACTIVE");
$response = $ua->request($request);
$body = $response->content;
$body =~ /\<\s*form\s+[^>]*action=\"(.*?)\"/io or die "Cannot log in";
$url = new URI::URL $1, $url;
$body = $';
$body =~ s/\<\s*\/form\s*\>.*//;
$body =~ /\<\s*input\s+[^>]*name=\"disk\"\s+value(=\"(.*?)\")?/io or die "Cannot give passwd";
$disk = $2 || "";
$request = new HTTP::Request('POST', $url);
$request->header(Pragma => 'no-cache');
$request->content("passwd=${passwd}&frames=no&disk=${disk}&curmbox=ACTIVE&login=${login}&js=no");
$response = $ua->request($request);
$body = $response->content;
$body =~ /\<\s*area\s+[^>]*href=\"(\/cgi-bin\/compose.*?)\"/io or die "Cannot compose";
$composeurl = new URI::URL $1, $url;
$body =~ /\<\s*area\s+[^>]*href=\"(\/cgi-bin\/logout.*?)\"/io or die "Cannot compose";
$logouturl = new URI::URL $1, $url;
$request = new HTTP::Request('GET', $composeurl);
$request->header(Pragma => 'no-cache');
$response = $ua->request($request);
$body = $response->content;
$body =~ /\<\s*form\s+[^>]*action=\"(.*?)\".*?\>/io or die "Cannot send message";
$url = new URI::URL $1, $composeurl;
$body = $';
$data = '';
while(1) {
$body =~ /^\s*\<\s*input\s+type=\"?hidden\"?\s+name=\"(.*?)\"\s+value(=\"(.*?)\")?\s*\>/io or last;
$name = $1; $value = $3 || ""; $body = $';
$data .= $name."=".$value."&";
}
$data .= "to=${to}&subject=${subject}&cc=${cc}&bcc=${bcc}&body=${msg}&Send.x=1&Send.y=1";
$request = new HTTP::Request('POST', $url);
$request->header(Pragma => 'no-cache');
$request->content($data);
$response = $ua->request($request);
$body = $response->content;
$request = new HTTP::Request('GET', $logouturl);
$request->header(Pragma => 'no-cache');
$response = $ua->request($request);
Return to August 1997
Return to “Mike Duvos <enoch@zipcon.net>”