SpoofProof is a Burp Suite extension designed to help security professionals verify email domain spoofing vulnerabilities and validate DNS-based email security configurations like DMARC, SPF, and DKIM. It gives users a streamlined, reliable way to assess whether a domain is secure against email spoofing attacks.
Features:

- 🔍 Domain Spoofability Check: Evaluate if a domain can be spoofed and take necessary precautions.
- 🛡️ DMARC Validation: Ensure the domain’s DMARC records are configured correctly to minimize email spoofing risks.
- ✅ SPF Verification: Check SPF records for proper configuration, enhancing email sender verification.
- 🔒 DKIM Validation: Confirm that DKIM records are correctly set up to authenticate email messages.
- 🔗 Easy Integration with Burp Suite: Seamlessly integrates within Burp Suite to complement your existing security testing toolkit.

Installation:

- Open Burp Suite.
- Navigate to the BApp Store.
- Search for SpoofProof and click Install.
- Once installed, the extension will be available in the Extensions tab.

Usage:

- Go to the SpoofProof tab in Burp Suite.
- Enter the target domain to begin testing.
- Use the check buttons for DMARC, SPF, and DKIM to validate respective configurations.
- View the detailed results in the output panel, where recommendations will be provided for mitigating identified vulnerabilities.

Requirements:

- Burp Suite Professional or Community Edition
- Java 8 or higher
We welcome contributions! If you have suggestions or improvements, please feel free to submit a pull request.
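
The sketch below is an added example, not SpoofProof's own code: it shows the kind of evaluation behind the DMARC and SPF checks described above, run offline on constructed TXT records for the placeholder domain example.com. The status names and the rule that a domain counts as exposed unless DMARC is fully enforced are assumptions of this example; DKIM is left out because its record lives under a per-sender selector.

```python
# Added example: offline SPF/DMARC posture check on constructed TXT records.
# Status names and the "exposed" heuristic are assumptions of this sketch.
SPF_ALL = {"-": "strict", "~": "softfail", "?": "neutral", "+": "permissive"}

def assess_spf(txt_records):
    """Classify the SPF policy published in a domain's TXT records."""
    spf = [r.split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"        # RFC 7208: more than one record is a permerror
    for term in spf[0][1:]:
        qualifier = term[0] if term[0] in SPF_ALL else "+"   # default is "+"
        if term.lstrip("+-~?").lower() == "all":
            return SPF_ALL[qualifier]
    return "no-all"             # no "all" mechanism (redirect= is not followed)

def parse_tags(record):
    """Split a 'k=v; k=v' tag list into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def assess_dmarc(txt_records):
    """Classify the policy in the TXT records found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid"        # RFC 7489: multiple records mean no policy
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"   # reports are sent, nothing is blocked
    pct = tags.get("pct", "100")
    return "enforced" if pct.isdigit() and int(pct) == 100 else "partial"

def assess_domain(spf_txt, dmarc_txt):
    """Return (exposed, statuses); exposed means DMARC is not fully enforced."""
    statuses = {"spf": assess_spf(spf_txt), "dmarc": assess_dmarc(dmarc_txt)}
    return statuses["dmarc"] != "enforced", statuses

if __name__ == "__main__":
    # Constructed sample records for the placeholder domain example.com.
    weak = (["v=spf1 include:_spf.example.com ~all"],
            ["v=DMARC1; p=none; rua=mailto:d@example.com"])
    hardened = (["v=spf1 ip4:192.0.2.0/24 -all"], ["v=DMARC1; p=reject; pct=100"])
    for name, (spf_txt, dmarc_txt) in (("weak", weak), ("hardened", hardened)):
        print(name, assess_domain(spf_txt, dmarc_txt))
```
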