Go Back   TechArena Community > Software > Software Development
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Using PHP to extract Source IP from email header input via HTML form

Software Development


Reply
 
Thread Tools Search this Thread
  #1  
Old 01-05-2012
Member
 
Join Date: May 2012
Posts: 1
Using PHP to extract Source IP from email header input via HTML form
  

Hi,
I am very much a noob at PHP and have been trying to get a web page up that extracts source IP's from an email header that has been pasted in to a form.
I can get the data into an array but am having massive trouble getting the IP's to print. I am pasting in the code I am using below. Please dont laugh too much as I said I am very new to this and have been trying to teach myself as I go.

The html:
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<p>Enter the headers here: </p>
<p>&nbsp;</p>
<form id="header" inputname="header" method="post" action="checkheader.php"><textarea name="headers" id="headers" class="box" type="text" rows="20" cols="130" ></textarea>
<input type="submit" />
</form>

</body>
</html>
The PHP:
<?php
$header=$_POST['headers'];
$ipreg="/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/im";// /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
preg_match_all("/Received:.*((?:\d+\.){3}\d+)/",$header,$stored);
print_r($stored);
echo count($stored);
?>
And an example header (taken from a spam message)
Return-Path: <kenken_8880@yahoo.com>
Received: from fep08.mfe.bur.connect.com.au (mfep08.mbe.bur.connect.com.au [203.63.232.28])
by mcn01 (Cyrus v2.1.18-CCA_b9) with LMTP; Sat, 28 Apr 2012 00:50:15 +1000
X-Sieve: CMU Sieve 2.2
Received: from fep08.mfe.bur.connect.com.au (localhost [127.0.0.1])
by localhost.mfep08.connect.com.au (Postfix) with ESMTP id 6D9DB13355
for <timbass@aapt.net.au>; Sat, 28 Apr 2012 00:50:15 +1000 (EST)
Received: from bware04.bur.connect.com.au (bware04.bur.connect.com.au [210.8.230.175])
by fep08.mfe.bur.connect.com.au (Postfix) with ESMTP id 5181A1334A
for <timbass@aapt.net.au>; Sat, 28 Apr 2012 00:50:15 +1000 (EST)
Authentication-Results: bware04.bur.connect.com.au
header.from=kenken_8880@yahoo.com; domainkeys=neutral (no sig)
Received: from nm17-vm10.bullet.mail.sg3.yahoo.com (nm17-vm10.bullet.mail.sg3.yahoo.com [106.10.149.89])
by bware04.bur.connect.com.au (BorderWare Security Platform) with SMTP id FD5C78DA29008A4D
for <timbass@aapt.net.au>; Sat, 28 Apr 2012 00:50:14 +1000 (EST)
Received: from [106.10.166.120] by nm17.bullet.mail.sg3.yahoo.com with NNFMP; 27 Apr 2012 14:50:14 -0000
Received: from [106.10.167.180] by tm9.bullet.mail.sg3.yahoo.com with NNFMP; 27 Apr 2012 14:50:13 -0000
Received: from [127.0.0.1] by smtp153.mail.sg3.yahoo.com with NNFMP; 27 Apr 2012 14:50:13 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1335538213; bh=G/EpuDM1NHRGk3zqlboZHdgTsi7MZNxK5d2VM2G0KeA=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-IDate:Fromubject:To:Content-Type:MIME-Version:X-Mailer; b=bg3NakKWomvHD8JsrUcg38oY1wo7aIZmeLY2glPi9SweUkT8Eraag4rhTasTWDAzk6nH8lpprcm+CX28u1yHK0uCj51JTvmEu9 JG0anJmJB7qnx2C3H0j0kmQKzlR7MxmbgQtz6fdDasIN4SYyJt2invUlSeoB4e6Z0tlen9gBc=
X-Yahoo-Newman-Id: 982234.55022.bm@smtp153.mail.sg3.yahoo.com
X-Yahoo-Newman-Property: ymail-5
X-YMail-OSG: ioQGUHQVM1khkn4gVNtG5fj3OvLcl02KaqzhSm835IHEEd2
nPZ9Ve2PoKnwlpcntjCEQdCKmbW3dlmPslSS2EMzYSl32ntiWPxOwm0HE8eh
TRoibAq13X2yNPvtV4YgofhnGg3Zk56t6UwEZdqdwmMHF3wkr6bZ_.E9DNLR
X7r2QNmU8icr97WcgeyPUOjlZ9o_Bz._NStEOZ7TtFGeMZvIiBsH6xf8pP.k
l0AhkP_LkA14x.cRElQxaNm6YIBYlqdLr7.Ry4zFHMOVDXXUMo4vBmx2lgg4
2FfIahUb.iKvX13QiKkiFLTuobXM2eRAMRxe_NEX1V1vTqa4guruAA85qgDm
GgWY18daVOj_7GmBp4kuIe6JtWMZ5jSt1Evf.S3r5rmDexCA03sKgwsGBrbz
J8iJz1LCvHiaOqE4R0LviWpFbyxUltDSrAaiDFAI3Igy79o1Szr85qip.5R9
GbvqPHjq2WBqECw--
X-Yahoo-SMTP: VaaK2FWswBANOx4IY0VlY5PxOg2D.3jj
Received: from [192.168.1.1] (kenken_8880@180.252.140.97 with login)
by smtp153.mail.sg3.yahoo.com with SMTP; 27 Apr 2012 07:50:11 -0700 PDT
Message-ID: <4F9A6CD5.37A1AFEE@smtp.mail.yahoo.com>
Date: Fri, 27 Apr 2012 09:54:46 -0500
From: "kenken_8880@yahoo.com" <kenken_8880@yahoo.com>
Subject: FW: your arrest record
To: timbasham@embarqmail.com
Content-Type: multipart/alternative;
boundary="nprc8bOdbL=_olGWFbMto1GfLmlfWflfo5"
MIME-Version: 1.0
X-Mailer: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.5+)
Gecko/20011102
X-BTI-AntiSpam: score:58,sta:66/030,dnsbl:passed,sw:passed,bsn:42/passed,spf:none,bsctr:off,dk:passed,pbmf:none,ipr:1/3,trusted:no,ts:no,bs:no,ubl:passed
Received-SPF: none

Reply With Quote
  #2  
Old 08-06-2012
Member
 
Join Date: Jan 2006
Posts: 605
Re: Using PHP to extract Source IP from email header input via HTML form

You can try to capture IP packet whether it is UDP or Rtp from user space by going to winpcap website, they have a proper documentation which is very straight forware to use.
Reply With Quote
Reply

  TechArena Community > Software > Software Development
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Using PHP to extract Source IP from email header input via HTML form"
Thread Thread Starter Forum Replies Last Post
Google Chrome is opening in basic HTML form instead of the Standard form Beatrix Technology & Internet 5 25-05-2011 10:21 PM
How to include Header & footer within HTML? seema_thk Software Development 3 09-12-2009 08:24 AM
HTML input type password Antarjot Software Development 3 18-11-2009 12:32 PM
HTML form get method TAMAR Software Development 2 22-06-2009 01:40 PM
Make a form in HTML, CSS, PHP Gyan Guru Guides & Tutorials 1 11-11-2008 05:26 PM


All times are GMT +5.5. The time now is 08:51 PM.