Note:  Please do not abuse this method to check large sets of emails.  Apple can/will patch it.

Background Info

This exploit uses a JSON request found on the “Create Your Apple ID” page.  The form detects if an email is available or not.

You can find the JSON request by using a form interception tool such as the Chrome “Tamper” plugin.  The screenshot below shows the request to “https://appleid.apple.com/account/validation/appleid” and the headers that it sends.  After much trial and error, I found that you only need to send “x-Apple-ID-Session-Id”, “scnt”, “Cookie”, “Accept” and “Content-Type”.  The headers “x-Apple-ID-Session-Id” and “scnt” are generated when you first load the page in your client.  Instead of reverse engineering how they are generated, we can simply request the “Create Your Apple ID” page, extract valid values and send them to “https://appleid.apple.com/account/validation/appleid”.
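Seen from the service side, the flow described above has a recognisable shape: one page load yields a session identifier, which is then reused for validation requests covering many different addresses. The following detector is an added example, not code from the original post; it flags that pattern in request logs. The JSON-lines log layout, the field names, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

VALIDATION_PATH = "/account/validation/appleid"  # path quoted in the post

# Constructed sample records; the log layout and field names are assumptions.
def _rec(sec, sid, email, path=VALIDATION_PATH):
    ts = (datetime(2024, 1, 1, 12, 0, 0) + timedelta(seconds=sec)).isoformat()
    return json.dumps({"ts": ts, "session_id": sid, "path": path, "email": email})

SAMPLE_LOG = (
    [_rec(i * 2, "sess-A", f"user{i}@example.com") for i in range(12)]     # 12 addresses in 24 s
    + [_rec(i * 5, "sess-B", "alice@example.com") for i in range(4)]       # one address retyped
    + [_rec(i * 600, "sess-C", f"slow{i}@example.com") for i in range(6)]  # spread over an hour
    + [_rec(3, "sess-A", "x@example.com", path="/account")]                # other endpoint, ignored
)

def find_enumeration(lines, max_distinct=5, window=timedelta(seconds=60)):
    """Return {session_id: peak distinct emails in any window} for sessions above max_distinct."""
    per_session = defaultdict(list)
    for line in lines:
        try:
            r = json.loads(line)
            if r["path"] != VALIDATION_PATH:
                continue
            when = datetime.fromisoformat(r["ts"])
            per_session[r["session_id"]].append((when, r["email"].lower()))
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # skip malformed records instead of aborting the scan
    flagged = {}
    for sid, events in per_session.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({e for _, e in events[start:end + 1]}))
        if peak > max_distinct:
            flagged[sid] = peak
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

Counting distinct addresses rather than raw requests keeps a user who retypes the same address several times from being flagged.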

PowerShell Script

The PowerShell code below demonstrates how you can query the “Create Your Apple ID” page, extract valid header values and make a validation JSON request.

Example Output

Valid: True means the email has valid syntax.

Used: True means the email is associated with an Apple ID.

appleOwnedDomain: True means the domain is Apple-owned (iCloud.com).

isRecycledDomain:  Not sure what this means.  Let me know in the comments if you have any ideas.


Below are two examples of how you could embed the code above into a PowerShell function for easy reuse.

Get-AppleIDProperties.ps1 – This function checks to see if an email is associated with an Apple ID.

Get-EmailInfo.ps1 – This function takes it a step further and returns a wide range of email information using a variety of sources and APIs (see the screenshot below for an example).

 
