
Server SSL Support

Spencer McIntyre edited this page Jun 9, 2016 · 11 revisions

Starting in version 0.1.7, King Phisher supports serving pages over SSL. This is useful both for security, since the credentials being collected are transmitted over an encrypted connection, and for making the site look more legitimate. To enable SSL, the server configuration needs a few changes.

Server Configuration Changes

To enable SSL the server configuration file needs to have the following settings configured:

server:
  addresses:
    - host: 0.0.0.0
      # set the port to 443, the default port for https
      port: 443
      # set ssl to true, by default it is disabled
      ssl: true
...
  # specify the path to the certificate file
  ssl_cert: /path/to/ssl.crt
  # specify the path to the SSL key file
  ssl_key: /path/to/ssl.key

Client Configuration Changes

When the client logs in to the King Phisher server they will need to specify the HTTP port and enable SSL in the login dialog. The HTTP port will be the same value as was specified in the server's configuration file under the address section.

Multiple Host Names

Starting in King Phisher version 1.4, multiple SSL certificates can be specified for individual hostnames. This leverages SSL's Server Name Indication (SNI) extension. This feature requires Python 2.7.9 / 3.4 or newer and for Python to have been compiled with SNI support. Python's SNI support can be checked by running the command (note that getattr must be passed the ssl module object, not the string 'ssl'): python -c "import ssl; print('Has SNI support: ' + ('Yes' if getattr(ssl, 'HAS_SNI', False) else 'No'))"

To specify additional certificates for hostnames, add entries to the ssl_hosts list in the server section. Each entry needs at least a host and an ssl_cert, defining the hostname and the SSL certificate file respectively. Please note that a default certificate must still be specified in the ssl_cert field. If the client requests a hostname that does not have a specific certificate, or the client does not specify a hostname at all, the default certificate will be presented.

An example configuration:

  # define the default certificate
  ssl_cert: /path/to/default.crt
  ssl_key: /path/to/default.key
  # define additional certificates for specific hostnames
  ssl_hosts:
    - host: king-phisher.com
      ssl_cert: /path/to/king-phisher.com.crt
      ssl_key: /path/to/king-phisher.com.key
    # additional entries can be added
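The following script is an added example, not part of the King Phisher project, that ties the two configuration fragments above together: it repeats the SNI check from the Multiple Host Names section as a function, validates the rules this page states for the ssl / ssl_cert / ssl_key / ssl_hosts settings, and shows which certificate a client would be presented for a given SNI hostname (unknown or absent name falls back to the default). The function names, the embedded config dict (the YAML above rendered as Python) and the treatment of a missing per-host ssl_key are my own assumptions, not King Phisher behaviour.

```python
"""Illustrative config check and SNI certificate selection for the King Phisher
SSL settings described on this page. Added example, not King Phisher's own code;
function names, messages and the EXAMPLE_CONFIG dict are assumptions."""
import ssl
import sys

# Constructed config: the dict form of the YAML fragments on this page, merged
# into one 'server' mapping. Paths are the page's placeholders, not real files.
EXAMPLE_CONFIG = {
    'server': {
        'addresses': [
            {'host': '0.0.0.0', 'port': 443, 'ssl': True},
        ],
        'ssl_cert': '/path/to/default.crt',
        'ssl_key': '/path/to/default.key',
        'ssl_hosts': [
            {
                'host': 'king-phisher.com',
                'ssl_cert': '/path/to/king-phisher.com.crt',
                'ssl_key': '/path/to/king-phisher.com.key',
            },
        ],
    }
}


def has_sni_support():
    """True when this interpreter meets the page's SNI requirements:
    Python 2.7.9 / 3.4 or newer and an ssl module built with SNI."""
    if sys.version_info[0] == 2:
        version_ok = sys.version_info >= (2, 7, 9)
    else:
        version_ok = sys.version_info >= (3, 4)
    # Same check as the page's one-liner, with the module object passed to getattr
    return version_ok and bool(getattr(ssl, 'HAS_SNI', False))


def check_ssl_config(config):
    """Return a list of problems with the 'server' section; empty means OK.
    The rules are the ones stated on this page."""
    problems = []
    server = config.get('server', {})
    if not any(a.get('ssl') for a in server.get('addresses', [])):
        return problems  # SSL not enabled on any address, nothing to check
    if not server.get('ssl_cert') or not server.get('ssl_key'):
        problems.append('ssl is enabled but ssl_cert and ssl_key are not both set')
    hosts = server.get('ssl_hosts', [])
    if hosts and not has_sni_support():
        problems.append('ssl_hosts is set but this Python lacks SNI support')
    seen = set()
    for entry in hosts:
        host = entry.get('host')
        if not host or not entry.get('ssl_cert'):
            problems.append('ssl_hosts entry %r needs both host and ssl_cert' % (entry,))
            continue
        if host.lower() in seen:
            problems.append('duplicate ssl_hosts entry for %s' % host)
        seen.add(host.lower())
    return problems


def select_certificate(server_name, config):
    """Return the (cert, key) pair presented to a client whose SNI hostname is
    server_name (None when the client sent no hostname). Implements the
    fallback rule on this page: unknown or absent name -> default certificate.
    Assumption: a per-host entry without ssl_key keeps its key in the cert file,
    so its key is reported as None rather than borrowing the default key."""
    server = config['server']
    default = (server['ssl_cert'], server.get('ssl_key'))
    if not server_name:
        return default
    for entry in server.get('ssl_hosts', []):
        if entry['host'].lower() == server_name.lower():  # hostnames are case-insensitive
            return (entry['ssl_cert'], entry.get('ssl_key'))
    return default


if __name__ == '__main__':
    print('Has SNI support: ' + ('Yes' if has_sni_support() else 'No'))
    print('Config problems: ' + str(check_ssl_config(EXAMPLE_CONFIG) or 'none'))
    for name in ('king-phisher.com', 'other.example', None):
        print('%r -> %s' % (name, select_certificate(name, EXAMPLE_CONFIG)))
```

Run it as-is to see the SNI result for the local interpreter and the certificate chosen for a known host, an unknown host and a client that sent no hostname; swap EXAMPLE_CONFIG for the parsed contents of a real server configuration file to check it before starting the server.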