
Thread: Tracking origin of an email sent via Gmail

  1. #1
    Just burned his ISO
    Join Date
    May 2007
    Posts
    15

    Question Tracking origin of an email sent via Gmail

    There is an issue in my company where a person's reputation is at stake. The need is to find out from which country around the globe the email sender logged into the Gmail account. I just need to track the country IP ranges from where the sender logged into the Gmail account.

    When I do a test and study the headers of the Gmail message (I sent an email via my own Gmail account to another account of my own), I fail to find any mention of my IP address. Seems like Gmail masks that information.

    Is there a tool within BackTrack to help us out in this case?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Tracking origin of an email sent via Gmail

    If the sender's IP address is not included in the email headers (as it is in the case of certain other web based email providers), then you won't be able to access it via BackTrack. BackTrack can't magic up information from places where it does not exist. If you want to find out the IP address of a user who sent an email via Gmail, you need to subpoena Google - they will have kept a record of the IP address of the person who sent the email.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    May 2007
    Posts
    15

    Default Re: Tracking origin of an email sent via Gmail

    Quote Originally Posted by lupin View Post
    BackTrack can't magic up information from places where it does not exist.
    I was going through a thread which reached nowhere:
    How to find Gmail Sender IP address ? - Black Hat Forum Black Hat SEO

    What I see in my headers is indeed a hashed up entry like:
    -----

    Received: (qmail 5669 invoked from network); 9 Jun 2010 05:48:21 -0000
    Received: from mail-vw0-f43.google.com (HELO mail-vw0-f43.google.com) (209.85.212.43)
    by server-11.tower-206.messagelabs.com with SMTP; 9 Jun 2010 05:48:21 -0000
    Received: by mail-vw0-f43.google.com with SMTP id 3so8189957vws.16
    for <myname@mymail.com>; Tue, 08 Jun 2010 22:48:21 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=gamma;
    h=domainkey-signature:mime-version:received:received:date:message-id
    :subject:from:to:content-type;
    bh=PQtFR9WvFYyLIMoqNwTlfGV1n1b+Oi0dU//GpAk0hZg=;
    b=DLIgS6i982N8PCGP5XZz1wpfnOuMp7TiBVmK0HcdhwiMmJkn 8MiYYCJC8SNHLhrpD0
    IF12IGnOLPcxTBHQKOkwZLS+AlppeO4IGQz6780re/kdiOiK84Tvygzd3vmeGvaH23aS
    lnzdhBx8K3NKQYHD2o4+YZypGkvfhCW24zXTY=
    ----

    Messagelabs is our email security hosted gateway and mymail.com is my official email address. This is the header of an email that I sent to mymail.com account from my gmail web interface.

    I was wondering if Gmail uses base64 for encoding the IP address in the header and whether, with a decoder, it's possible to see the original IP address, as someone mentioned in the thread on Blackhat.

  4. #4
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    16

    Default Re: Tracking origin of an email sent via Gmail

    Quote Originally Posted by Magnet View Post
    There is an issue in my company where a person's reputation is at stake. The need is to find out from which country around the globe the email sender logged into the Gmail account. I just need to track the country IP ranges from where the sender logged into the Gmail account.

    When I do a test and study the headers of the Gmail message (I sent an email via my own Gmail account to another account of my own), I fail to find any mention of my IP address. Seems like Gmail masks that information.

    Is there a tool within BackTrack to help us out in this case?
    I don't get it. Why take the hassle of doing so much when you can just prove that it is not the email account of the person you are saying is at stake? This is assuming the person at stake is being accused of sending an email to someone that he should not. For me, just tell them it is not his account, they couldn't prove it otherwise, right? In this world where anyone can open up a free anonymous email account, email cannot be said to be definite proof for accusing someone. The easier path is to just point out this argument to them.

    But if you insist on really finding out the IP address of the sender, then I doubt this cry for help is a noble cause...

  5. #5
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    1

    Default Re: Tracking origin of an email sent via Gmail

    Hi Magnet & lupin,

    I think you can trace a mail in Gmail by following these steps:

    1-



    2-




  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Tracking origin of an email sent via Gmail

    phangs - the issue might be one of libel, you need to identify a person who sent an email to one of your organisation's staff members (or rule out a particular person having sent that message). We have had a similar issue in the past where I work.

    s3ni0r - it looks like that particular email you are sending has been forwarded via an Exchange server, and you're identifying the sending IP via the received headers. When you send an email via the Gmail web interface it does not add the same received headers (I just tried it then to confirm) - you instead see something more or less exactly like what the OP showed in post 3 above.

    Magnet - Yes, that is Base64 encoded stuff in those fields (or it looks like it at least). There are things you can use to decode it in BackTrack, but you don't need BackTrack to Base64 decode something - there are web pages that can do that for you. If you want to do it in BT, one easy way to do so would be to use the Decoder tab in the Burp proxy. I Base64 decoded the data shown in your headers and in my header from my test email and it decodes to binary data, and in the case of my headers I didn't see my IP address there in either ASCII or Hex format.
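
Added example, not part of any post in this thread: a Python sketch of the check lupin describes, run over the headers from post #3. It lists the IP addresses in the Received chain (only Google's relay appears) and decodes the DKIM bh= tag, which under a=rsa-sha256 is the 32-byte SHA-256 hash of the message body (RFC 6376), so it holds no client address. Function names are illustrative.

```python
import base64
import ipaddress
import re
from email import message_from_string

# Headers as posted in #3 (the DKIM b= signature value is left out here).
RAW = """\
Received: (qmail 5669 invoked from network); 9 Jun 2010 05:48:21 -0000
Received: from mail-vw0-f43.google.com (HELO mail-vw0-f43.google.com) (209.85.212.43)
 by server-11.tower-206.messagelabs.com with SMTP; 9 Jun 2010 05:48:21 -0000
Received: by mail-vw0-f43.google.com with SMTP id 3so8189957vws.16
 for <myname@mymail.com>; Tue, 08 Jun 2010 22:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=gamma;
 bh=PQtFR9WvFYyLIMoqNwTlfGV1n1b+Oi0dU//GpAk0hZg=;

"""
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b")

def relay_ips(raw):
    """(hop index, 'from' host, IPv4) for every address in the Received chain."""
    found = []
    for hop, value in enumerate(message_from_string(raw).get_all("Received", [])):
        sender = re.match(r"from\s+(\S+)", value.strip())
        host = sender.group(1) if sender else None
        found += [(hop, host, ip) for ip in IPV4.findall(value)]
    return found

def dkim_tags(raw):
    """Split the DKIM-Signature header into its tag=value pairs."""
    tags = {}
    for part in message_from_string(raw)["DKIM-Signature"].split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def body_hash(raw):
    """Decoded bh= tag: the hash of the message body, not client metadata."""
    return base64.b64decode(dkim_tags(raw)["bh"], validate=True)

def contains_ip(blob, ip):
    """True if ip appears in blob as ASCII text, packed bytes, or hex text."""
    packed = ipaddress.ip_address(ip).packed
    return any(form in blob for form in (ip.encode(), packed, packed.hex().encode()))

if __name__ == "__main__":
    print(relay_ips(RAW), len(body_hash(RAW)), contains_ip(body_hash(RAW), "209.85.212.43"))
```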

  7. #7
    Just burned his ISO ubt4me's Avatar
    Join Date
    Jun 2010
    Posts
    2

    Default Re: Tracking origin of an email sent via Gmail

    Just a side note:
    I open web based mail accounts the same way I view Forum pages, behind proxy servers from all over the world. The only downside to jumping proxy servers is the need to log in to post and halt the jump while you are logged in.
    I guess the point I am trying to make here is, you can't prove anything.

    Try and find me LOL.

  8. #8
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: Tracking origin of an email sent via Gmail

    Quote Originally Posted by ubt4me View Post
    Just a side note:
    I open web based mail accounts the same way I view Forum pages, behind proxy servers from all over the world. The only downside to jumping proxy servers is the need to log in to post and halt the jump while you are logged in.
    I guess the point I am trying to make here is, you can't prove anything.

    Try and find me LOL.
    So, you think that by using a proxy server that you do not have any administrative control over that you can't be found?

    Oh and just a side note, your ISP knows everything you do, proxy or not.
    Last edited by hhmatt; 06-21-2010 at 03:11 PM.

  9. #9
    Just burned his ISO ubt4me's Avatar
    Join Date
    Jun 2010
    Posts
    2

    Default Re: Tracking origin of an email sent via Gmail

    Quote Originally Posted by hhmatt View Post
    So, you think that by using a proxy server that you do not have any administrative control over that you can't be found?
    First, I filter by and only use 3 dot security proxy servers that have a return ping of less than 2.5 sec.

    Quote Originally Posted by hhmatt View Post
    Oh and just a side note, your ISP knows everything you do, proxy or not.
    Second, I do not do illegal activities over the internet, so I am OK with my ISP knowing everything I do. I simply use proxies as a way to prevent a direct link back to me for malicious attacks in forum and mail environments. I just wanted to point out, as lupin suggested the need to subpoena Google, that you may also need to keep up with that same process to find the true sender, and that just won't happen.

  10. #10
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010
    Posts
    280

    Default Re: Tracking origin of an email sent via Gmail

    It can be interesting:

    MaxMind - GeoIP Perl API

    MaxMind - GeoIP | IP Address Location Technology

    -> backtrack Main site ( 208.68.234.100 )

    spawn@alucard ~ $ perl geocity.pl
    US USA United States FL Florida Hollywood 26.0097 -80.2593

    It is not 100% precise.

