Pulling an email address from a website

Hey Guys

I'm trying to get the actual email address from a website where there is only a submission form available. The only place I can think of checking is in the developer tools in Firefox but no luck so far.

Any tips?

Thanks!

 

Look for the PHP mail function. The first argument of the function is the addy. The function looks like this: mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )

A simple example is:
<?php
// The message
$message = "YOLO";

// Send
mail('thisguy@example.com', 'My Subject', $message);
?>

You shouldn't need any fancy developer tools, just look at the source (CTRL+U). If that fails, see if they have an address listed with WHOIS.

 

Thats unlikely to work, a lot of php will be running server side. You do not see most of it in your browser, just the result.

 

I've tried a few so far. No dice....

 

Most forms call an external mailer file. Have you tried looking the domain up in whois.sc for contact info?

 

Simply put, you won't extract it. The e-mail is likely hardcoded in a server-side PHP script you don't get to the see the source of.
As HSV5000 suggested, try looking in the WHOIS info for an e-mail. Else, you're out of luck.

 

ALL PHP will be run server side.

 

The whole reason people use those forms is so you can't have their email address...

 

Even if it calls a script, you can try to access that script. Maybe they have it CHMOD'd to be accessible.

 

Some of the slightly crappier ones don't hide it, most (all?) PHP ones do though.

 

Really, that is just not how web servers work. Please don't respond if you don't know what you're talking about.

 

Actually, in December I'll have a Master's degree in Information Systems from FIT.
It never hurts to try things. It would take all of 2 minutes to see if the source references a different script, then to put that path in your browser. It might yield a result, it might not.
I'm just trying to help give the OP some ideas to try.


Also, if the site is all Flash-based (as some websites still are) you could always use a .SWF decompiler on that. But you would have to copy the .SWF locally first.

 

That doesn't make it better.

Even if the source would reference a different script, you'd never see it since it would execute server-side; else the script wouldn't even function in the first place.

But that's not the case.

 

If you can get the email address from a web form, whomever authored the web form should be fired, plain and simple. Why someone would use PHP to call a script to send an email (which might expose the address) boggles my mind.

 

Not to sound like a cunt, but having a degree means nothing all it does is fasten the process to get a job. Someone could be more experienced and skilled than you, and having a piece of paper doesn't justify it.

 

*slowly backing away from the thread*

 

Good for you, still wrong though.

You can run php locally (not just in browser - which technically makes your local machine the server) , but I wasnt over clear. Point being, as you know, it wont work

 

In any case, I hope the OP can get the answers he seeks. There are many contact forms in the world. I have seen them done in Flash, AJAX, and of course straight PHP. Not to mention the many contact form plugins for Wordpress...
We don't know if the site was done professionally and securely or otherwise.

Japan-Games, some websites and/or mail servers have a catch-all account. If you can't find an e-mail address, just try e-mailing anyone@thatsite.com. There may not be a catch-all account but once again, it is something you could try.
Best of luck.

EDIT: I realize AJAX and Wordpress plugins will be utilizing PHP.

 

The issue is, you have done the typical student thing - "Ill have a degree, so I know more!" or even "Ill have a degree, so I know what I am talking about!"

Which to be honest, is wrong. The number of times I have had graduates start at places im working (I work in IT and have done for 15~ years) and they have no clue about the real world, just what they learnt in a classroom - which most of the time means nothing.

Not only that - IT is such a huge field these days, just because you have an IT degree - you may never see anything to do with web servers or other parts of the field - "I know IT" doesnt really cut it these days, people are generally specialised as you cant know everything.

Anyways, id suggest you lose that before you start work, it will make things better for you.

Anyway, back on topic...

All mail servers have (or at least should, to be spec compliant) a catch all account. "postmaster@" is the one that should exist - http://en.wikipedia.org/wiki/Postmaster_(computing)


However, it may not be monitored... but its a good idea.

 

If I still had your quote, I would have put it here