
Running A Campaign

Spencer McIntyre edited this page Nov 3, 2015 · 12 revisions

Running a phishing-focused social engineering campaign is the primary purpose of King Phisher.

The general workflow of a phishing campaign with King Phisher begins with creating a list of target email addresses. Next, an email is crafted to persuade the user to visit a link contained within it. Finally, the link sends the victim to the King Phisher server, where they are tracked and recorded. Once a visitor is on a page hosted by King Phisher, they can optionally be presented with a form requesting credentials or an acknowledgement of training.

Starting A Campaign

King Phisher uses the concept of a campaign to organize its data. All messages that are sent and visits that are recorded are associated with a campaign that has been created by a user. Multiple campaigns can be active at the same time.

Creating A New Campaign

Start the King Phisher client and, from the open campaign dialog, select "New Campaign". This will open the new campaign creation assistant. Users can enter all applicable information on each of the pages. At this time, the only required field is the name of the campaign. If desired, a Company can be declared on the Company page, which is useful if the King Phisher user is running campaigns for multiple companies and wants to keep the data separate and organized. An optional campaign expiration can also be configured, which will cause the King Phisher server to stop collecting data once the specified time has passed. This can be used to ensure that campaigns each run for the same period of time.

Configuring The Server

The King Phisher server hosts static HTML content and tracks users by monitoring parameters in requests. Before messages are sent in a campaign, a landing page should be created in the web root of the server. See the Configuring Landing Pages section for more details.

Creating An Email

Once a campaign is selected, the "Send Messages" tab is used to create the email which will be sent to the targets.

All required fields have an asterisk by their name. The "Web Server URL" option is the URL which will be placed in the link sent to the users. It is important that this field is properly configured. The URL should not contain any GET parameters to keep compatibility with the message templates. The value of this URL is also used to track and count visits. Typically this link will be to the landing page on the server.

Target CSV File

King Phisher accepts a list of targets defined in a CSV file. The format of this file expects each target to be specified on a separate line in the format first name, last name, email address. This allows the message template to be populated with the user's first and last name as variables. Lines which contain invalid email addresses will be skipped. An additional, optional fourth field containing the target's department can be included in the CSV file.

Editing The Message HTML

The "Edit" tab can be used to edit the template of the HTML email; use the "Preview" tab to view it rendered. There is a separate king-phisher-templates repository which can be used to get started.

Messages need to have a link for the users to click which will take them to the web site hosted on the King Phisher server. This link MUST be set to pass the uid variable to the webserver as the id parameter. The url.webserver variable has the uid parameter already configured. A simple link example is: <a href="{{ url.webserver }}">Click Here</a>.

Messages can contain variables which will be substituted when the message is sent. For a complete list of available variables, see the Message Variables section.

The Jinja2 engine is used for formatting messages.
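The following is an added example, not code from the King Phisher project, that ties together the Target CSV File and link requirements described above: it parses the three-or-four-field target CSV (skipping lines with invalid email addresses), rejects a Web Server URL that already carries GET parameters, and builds the per-target link with the uid passed as the id parameter. The sample CSV and the landing page URL are constructed for illustration; the email check and the use of a random hex token as the uid are assumptions, not the server's own rules.

```python
import csv
import io
import re
import secrets
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed sample in the page's CSV format: first name, last name, email address[, department]
SAMPLE_TARGETS_CSV = """\
Alice,Example,alice@example.com,Finance
Bob,Sample,bob@example.com
Carol,Broken,not-an-email
"""

# Assumption: a deliberately simple address check; the server's own validation may differ.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_targets(csv_text):
    """Return one dict per valid CSV line; lines with invalid emails are skipped."""
    targets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3:  # fewer than the three mandatory fields
            continue
        first, last, email = (field.strip() for field in row[:3])
        if not EMAIL_RE.match(email):
            continue
        targets.append({
            "first_name": first,
            "last_name": last,
            "email_address": email,
            "department": row[3].strip() if len(row) > 3 else None,  # optional fourth field
            "uid": secrets.token_hex(8),  # assumption: any unique per-target identifier works
        })
    return targets


def has_get_parameters(url):
    """True if the Web Server URL already carries a query string, which the page disallows."""
    return bool(urlsplit(url).query)


def tracked_url(webserver_url, uid):
    """Build the link for one target: the Web Server URL with uid passed as the 'id' parameter."""
    if has_get_parameters(webserver_url):
        raise ValueError("Web Server URL must not contain GET parameters: " + webserver_url)
    parts = urlsplit(webserver_url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode({"id": uid}), parts.fragment))


if __name__ == "__main__":
    for target in parse_targets(SAMPLE_TARGETS_CSV):
        print(target["email_address"], tracked_url("http://phish.example.com/landing.html", target["uid"]))
```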

Sending Messages

The "Send Messages" tab can be used to send the emails to each of the targets. Rate limiting is available through the configuration dialog. Rate limits are implemented as a maximum number of messages to be sent per minute.