Running A Campaign

zeroSteiner edited this page Dec 15, 2014 · 12 revisions

Running a phishing-focused social engineering campaign is the primary purpose of King Phisher.

The general workflow of a phishing campaign with King Phisher begins with creating a list of target email addresses. Next, an email is crafted to persuade the user to visit a link contained within it. Finally, the link sends the victim to the King Phisher server, where they are tracked and recorded.

Starting A Campaign

Start the King Phisher client and, in the open campaign dialog, enter the campaign's name and select "New Campaign".

Configuring The Server

The King Phisher server hosts static HTML content and tracks users by monitoring parameters in requests. Before messages are sent in a campaign, a landing page should be configured in the web root of the server. See the Configuring Landing Pages section for more details.

Creating An Email

Once a campaign is selected, the "Send Messages" tab is used to create the email which will be sent to the targets.

All required fields have an asterisk by their name. The "Web Server URL" option is the URL which will be placed in the link sent to the users. It is important that this field is properly configured. The URL should not contain any GET parameters to keep compatibility with the message templates. The value of this URL is also used to track and count visits.

Target CSV File

King Phisher accepts a list of targets defined in a CSV file. Each target is expected on a separate line in the format first name, last name, email address. This allows the message template to be updated with the user's first and last name as variables.
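A pre-flight check for the two inputs described above, the "Web Server URL" and the target CSV file, written as an added example (it is not part of King Phisher or this wiki). The function names, the http(s) requirement, the duplicate check and the sample rows are assumptions made for illustration.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Deliberately loose syntactic check, not full RFC 5322 validation.
EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")

def check_web_server_url(url):
    """Return a list of problems with a "Web Server URL" value."""
    problems = []
    parts = urlsplit(url)
    # Assumption: the value is an absolute http(s) URL.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("not an absolute http(s) URL")
    # The page requires that the URL carry no GET parameters.
    if "?" in url.split("#", 1)[0]:
        problems.append("contains GET parameters")
    return problems

def check_targets(csv_text):
    """Validate 'first name,last name,email address' rows.

    Returns (targets, errors); errors holds (line_number, message) tuples.
    """
    targets, errors, seen = [], [], set()
    reader = csv.reader(io.StringIO(csv_text))
    for row in reader:
        fields = [field.strip() for field in row]
        if not any(fields):
            continue  # skip blank lines
        if len(fields) != 3:
            errors.append((reader.line_num, "expected 3 fields, got %d" % len(fields)))
        elif not EMAIL_RE.match(fields[2]):
            errors.append((reader.line_num, "invalid email address"))
        elif fields[2].lower() in seen:
            errors.append((reader.line_num, "duplicate email address"))
        else:
            seen.add(fields[2].lower())
            targets.append(dict(zip(("first_name", "last_name", "email"), fields)))
    return targets, errors

# Constructed sample input; every name and address is made up.
SAMPLE_CSV = """Alice,Liddell,alice.liddell@example.com
Bob,Roberts,bob.roberts@example.com
Carol,Danvers
Dave,Smith,dave.smith(at)example.com
alice,liddell,Alice.Liddell@example.com
"""

if __name__ == "__main__":
    print(check_web_server_url("http://www.example.com/login?src=mail"))
    targets, errors = check_targets(SAMPLE_CSV)
    print(len(targets), "valid targets;", errors)
```
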

Editing The Message HTML

The "Edit" tab can be used to edit the template of the HTML email; use the "Preview" tab to view it rendered. King Phisher comes with a few email templates which can be used to get started.

Messages need to have a link for the users to click which will take them to the web site hosted on the King Phisher server. This link MUST be set to pass the uid variable to the web server as the id parameter. The url.webserver variable has the uid parameter already configured. A simple link example is: <a href="{{ url.webserver }}">Click Here</a>.

Messages can contain variables which will be substituted when the message is sent. For a list of available variables, see the Message Variables section.

The Jinja2 engine is used for formatting messages.

Sending Messages

The "Send Messages" tab can be used to send the emails to each of the targets. Rate limiting is available through the configuration dialog.