Chahine Mansouri

Reputation: 1

Verify if an email exists in database of the website

I want to verify if the email I am using exists in a website.

I tried posting the email with random password and then from the response, using a search method, I want to see if a string like "email invalid" is present.

If it exists then it's invalid; if not then it's a valid email and so it exists in the database of the website.

I tried this, for example, for facebook.com - but I'm looking for a generic method for other websites:

require 'net/http'
require 'uri'
require 'json'

uri = URI.parse("https://www.facebook.com")
header = {'Content-Type': 'text/json'}
user = {
  user: {
    email: '[email protected]',
    password: "some_password"
  }
}
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri.request_uri, header)
request.body = user.to_json
response = http.request(request)
puts response
puts request.body
source = Net::HTTP.get(uri)
puts source

Upvotes: 0

Views: 270

Answers (1)

Tom Lord

Reputation: 28305

Not for Facebook, because I put it as an example, but on other websites, just to verify if the email exists in the database

This is not always possible. You can only achieve this on a case-by-case basis for a given website. There are several different approaches you could try (as discussed below). You may also find that the website tries to rate limit/block your requests, depending on what you're doing -- for example, by adding a captcha, which (in theory) must require human intervention to pass.

Some possible ways to determine whether an email exists in a website's database are:

  • Try to log in (with a bad password), and see if the response (e.g. error message) indicates whether the email exists.
  • Try to reset the password, and see if the response (e.g. information/error message) indicates whether the email exists.
  • Try to log in several times (with a bad password), and see if anything indicates that the account has been/will soon be locked.
  • Try to sign up a new account, and see if anything indicates "this account already exists"
  • Try to "add/contact/refer a friend" from inside the website; see if this indicates whether that user has an account.
  • ... And so on.

In general, there will always be a trade-off here between the website being user-friendly vs secure: On the one hand, giving helpful error messages like "wrong password" vs "unknown email" is helpful; whereas on the other hand it's insecure for the website to leak information.

Hence why I began this answer by saying "it's not always possible". It depends how each website has been designed.

For example, Rails applications using Devise for authentication will, by default, expose information in ways such as the above. But if you choose to set Devise's config.paranoid = true, then error messages become generic and won't leak this data.

You could also try to figure this out by the response time: Sometimes, a (badly designed) website will take longer to respond with e.g. a failed login attempt or password reset request, if the email exists.

For more information, see: https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)


I have provided the above information for educational purposes such as how to build a secure website; in general I would not advocate trying to "expose" data by any of the above methods, against a website you do not own.

If you have a legal need to reveal all emails held by another company's website, I would strongly advise requesting access (through the legal system if necessary) rather than trying to leak it via security flaws!

Upvotes: 1
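
The site-owner side of the answer above, as an added example that is not part of the original answer and is not Devise's code: a login handler that leaks account existence through its message and its response time, next to one that does the same hashing work and returns the same failure on both paths, plus a regression check for your own handler. All names, the in-memory user store and the use of PBKDF2 as the password hasher are assumptions made for the sketch.

```ruby
require 'openssl'
require 'securerandom'

# PBKDF2 stands in for the application's real password hasher (assumption).
def derive(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 20_000,
                                     length: 32, hash: 'sha256')
end

def make_user(password)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, hash: derive(password, salt) }.freeze
end

# Constructed in-memory "database"; all names here are hypothetical.
USERS  = { 'alice@example.com' => make_user('correct horse') }.freeze
DUMMY  = make_user(SecureRandom.hex(16)) # checked when the email is unknown
OUTBOX = []                              # reset mails that would be sent

def same_bytes?(a, b) # comparison without an early exit on first mismatch
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Leaky: distinct messages, and no hashing work when the email is unknown.
def leaky_login(email, password)
  user = USERS[email]
  return { ok: false, message: 'Unknown email' } unless user
  ok = same_bytes?(derive(password, user[:salt]), user[:hash])
  { ok: ok, message: ok ? 'Welcome' : 'Wrong password' }
end

# Uniform: same hashing work and same failure message on both paths.
def uniform_login(email, password)
  user = USERS[email]
  record = user || DUMMY
  ok = same_bytes?(derive(password, record[:salt]), record[:hash]) && !user.nil?
  { ok: ok, message: ok ? 'Welcome' : 'Invalid email or password' }
end

# Reset: mail is queued only for real accounts; the response never varies.
def uniform_reset(email)
  OUTBOX << email if USERS.key?(email)
  { ok: true, message: 'If that address is registered, a link was sent' }
end

# Regression check for your own handler: do the two failure cases differ?
def leaks_existence?(handler)
  handler.call('alice@example.com', 'bad') != handler.call('nobody@example.com', 'bad')
end
```

Calling `leaks_existence?(method(:uniform_login))` in a test suite catches a later change that reintroduces distinct messages; rate limiting and lockout behaviour still need their own checks.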
