Thanks for reaching out! We're happy to help resolve issues as quickly as possible.
Please use this template when creating a new issue. If you do not follow this template format, your issue may be closed without comment.
Before filing a new issue, please use the search bar at the top of the browser to search for similar issues. Also, please make sure you have read our documentation, which covers how to use Gophish.
What version of Gophish are you using?: 0.9.0
Brief description of the issue: When placing Gophish on a containerized system with 2 containers and a load balancer, Gophish is unable to maintain session connection. Gophish will generate an invalid CSRF error or return you to the login page even though you have a valid cookie.
What are you expecting to see happen?: Gophish maintains the connection regardless of which container is serving up the information.
What are you seeing happen? Gophish generates invalid CSRF and/or returns you to login even though you have a valid session.
If this question is related to email templates or landing pages not working as expected, please provide your template or landing page below:
Please provide any terminal output that may be relevant below:
N/A
Please provide as many steps as you can to reproduce the problem:
Step 1 - Install Gophish in a container or server
Step 2 - Configure the admin interface for TLS
Step 3 - Create multiple instances of Gophish (pods or individual servers)
Step 4 - Create a Target group with the pods or servers
Step 5 - Create a load balancer that points to the target group
Step 6 - Begin sending traffic to Gophish via the load balancer
Step 7 - Gophish will generate an invalid CSRF error or redirect to login page
Step 8 - Reduce the number of servers to 1, issue goes away
Does this imply that Gophish is a stateful service?
Thanks for the report. This behavior was expected, since each instance of Gophish would have generated their own CSRF key on initialization.
Since supporting H/A use cases is something that I want to cover with Gophish, I've added a configuration value called csrf_key that you can add to the admin_server section of the config.
You can generate a sample CSRF key using something like python -c 'import secrets; print(secrets.token_hex(32))'.
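Added example (not part of the issue thread and not Gophish's own code): a simplified model of keyed CSRF tokens, using HMAC-SHA256 from the Go standard library, showing why a token issued by one instance is rejected by another when each generates its own key, and accepted when both are given the same key. The function names `Issue`, `Verify` and `CrossCheck` and the token layout are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Issue returns hex(nonce || HMAC-SHA256(key, nonce)) (hypothetical token layout).
func Issue(key []byte) string {
	nonce := randBytes(16)
	m := hmac.New(sha256.New, key)
	m.Write(nonce)
	return hex.EncodeToString(m.Sum(nonce))
}

// Verify recomputes the MAC with the verifier's key and compares in constant time.
func Verify(key []byte, token string) bool {
	raw, err := hex.DecodeString(token)
	if err != nil || len(raw) != 16+sha256.Size {
		return false
	}
	m := hmac.New(sha256.New, key)
	m.Write(raw[:16])
	return hmac.Equal(raw[16:], m.Sum(nil))
}

// CrossCheck issues a token on instance A and validates it on instance B.
func CrossCheck(keyA, keyB []byte) bool {
	return Verify(keyB, Issue(keyA))
}

func main() {
	a, b := randBytes(32), randBytes(32) // each instance generating its own key at startup
	shared := randBytes(32)              // constructed; stands in for one csrf_key given to every instance
	fmt.Println("own keys:  ", CrossCheck(a, b))
	fmt.Println("shared key:", CrossCheck(shared, shared))
}
```

With a round-robin load balancer, the form is often served by one instance and the POST handled by another, which is the `CrossCheck(a, b)` case.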
I got around to trying the csrf_key value and tested to see if the error goes away. After testing, the issue persists. I configured the csrf_token value and generated the value using python3, following the recommendation provided. The pattern is as follows:
created multiple pods
Added them to target group
Try to sign-in
Server returns to the login page
Sign-in again, server returns to sign-in page
Several attempts later, I receive an invalid CSRF token error
Process repeats
Any thoughts on what might be causing the issue even after adding the csrf_key value?