back
loading skill details...
>-
SKILL: Email Header Injection — Expert Attack Playbook AI LOAD INSTRUCTION: Expert email header injection and authentication bypass. Covers SMTP CRLF injection, SPF/DKIM/DMARC circumvention, display name spoofing, and mail client rendering abuse. Base models miss the nuance between header injection (technical) and email auth bypass (protocol-level) — this skill covers both attack surfaces. 0. RELATED ROUTING crlf-injection — general CRLF injection; email headers are a specific high-value sink ssrf-server-side-request-forgery — when SMTP server is reachable via SSRF (gopher://smtp) open-redirect — redirect in password-reset emails as phishing amplification 1. SMTP HEADER INJECTION FUNDAMENTALS SMTP headers are separated by CRLF (\r\n). If user input is placed into email headers without sanitization, injecting %0d%0a (or \r\n) adds arbitrary headers. Injection anatomy
don't have the plugin yet? install it then click "run inline in claude" again.