Email injection & parameter pollution payload generator for bug bounty and authorized penetration testing.

This tool is intended strictly for:

• Bug bounty programs where email endpoints are in scope
• Systems you own or have explicit written authorization to test

Never run this against production systems or accounts without permission. Unauthorized testing is illegal under laws such as the CFAA (US), Computer Misuse Act (UK), and equivalents globally.

# No dependencies required (stdlib only)
python3 email_payload_forge.py -o victim@target.com -a attacker@gmail.com

Options:

Examples:

# Generate all payloads
python3 email_payload_forge.py -o victim@target.com -a attacker@gmail.com

# Filter to CRLF injection only
python3 email_payload_forge.py -o victim@target.com -a attacker@gmail.com -f "CRLF Bcc"

# Export for Burp Intruder
python3 email_payload_forge.py -o victim@target.com -a attacker@gmail.com -e payloads.txt

Requirements:

• Burp Suite Pro or Community
• Jython standalone JAR (≥ 2.7.3)

Setup:

1. Download Jython standalone JAR
2. In Burp: Extender > Options > Python Environment → set JAR path
3. Extender > Extensions > Add
   • Extension type: Python
   • File: EmailPayloadForge_burp.py
4. The EmailPayloadForge tab appears in Burp

Usage:

1. Intercept a password-reset or sign-up request in Proxy
2. Right-click → Send to EmailPayloadForge
3. Set target email, attacker email, and parameter name in the tab
4. Click Generate & preview payloads to populate the table
5. For automated sending, open the Python console and call:

   burpCallbacks.getExtension("EmailPayloadForge").send_all()

6. Results (status, length, reflection) update in the table
7. Entries marked REFLECTED=YES are high-priority findings

1. Export .txt with -e payloads.txt
2. Send target request to Intruder
3. Highlight the email parameter value → Add §
4. Payloads tab → Simple list → Paste from file
5. Run attack; sort by Response Length or grep for attacker email

MIT — for authorized security research only.