
Server SSL Support

Spencer McIntyre edited this page Jun 9, 2016 · 11 revisions

Starting in version 0.1.7, King Phisher supports serving pages over SSL. This is helpful both for security, since the credentials the landing page collects are no longer sent in the clear, and for making the site look more legitimate to the target. To enable SSL, a few changes need to be made to the server configuration.

Server Configuration Changes

To enable SSL, the server configuration file needs to have the following settings configured (the port and ssl flag belong to the address entry, the certificate and key paths to the server section itself):

server:
  addresses:
    - host: 0.0.0.0
      # set the port to 443, the default port for https
      port: 443
      # set ssl to true, by default it is disabled
      ssl: true
...
  # specify the path to the certificate file
  ssl_cert: /path/to/ssl.crt
  # specify the path to the SSL key file
  ssl_key: /path/to/ssl.key

Client Configuration Changes

When the client logs in to the King Phisher server, the user will need to specify the HTTP port and enable SSL in the login dialog. The HTTP port is the same value that was specified for the address in the server's configuration file under the addresses section.

Multiple Host Names

Starting in King Phisher version 1.4, multiple SSL certificates can be specified for individual hostnames. This leverages SSL's Server Name Indication (SNI) extension. This feature requires Python 2.7.9 / 3.4 or newer and for Python to have been compiled with SNI support. Python's SNI support can be checked by running the following command (the ssl module object itself is passed to getattr, not the string 'ssl', otherwise the check always reports No): python -c "import ssl; print('Has SNI support: ' + ('Yes' if getattr(ssl, 'HAS_SNI', False) else 'No'))"

To specify additional certificates for hostnames, add an entry to the ssl_hosts list in the server section. Each entry takes at least a host and an ssl_cert, which define the hostname and the SSL certificate file respectively. Clients that do not send SNI, or that connect by IP address, are served the default certificate from server.ssl_cert.

An example configuration:

  ssl_hosts:
    - host: king-phisher.com
      ssl_cert: /path/to/king-phisher.com.pem
    # additional entries can be added
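The following is an added example, not code from the King Phisher project, that ties together the settings from the server configuration and multiple host names sections above. It validates a constructed configuration dict (mirroring the YAML keys shown on this page) before the server is started, checks the interpreter for SNI support, tries to load a certificate and key pair the way a TLS server would, and models which certificate a client asking for a given SNI hostname ends up with. The config dict, the file paths and the case-insensitive hostname match are assumptions made for this example; whether King Phisher itself folds hostname case is not stated on the page.

```python
import os
import ssl

# Constructed example configuration: a Python dict mirroring the YAML keys
# shown on this page. It is not parsed from a real King Phisher config file.
EXAMPLE_CONFIG = {
    'server': {
        'addresses': [
            {'host': '0.0.0.0', 'port': 80, 'ssl': False},
            {'host': '0.0.0.0', 'port': 443, 'ssl': True},
        ],
        'ssl_cert': '/path/to/ssl.crt',
        'ssl_key': '/path/to/ssl.key',
        'ssl_hosts': [
            {'host': 'king-phisher.com', 'ssl_cert': '/path/to/king-phisher.com.pem'},
        ],
    },
}


def has_sni_support():
    """True when this Python's ssl module was built with SNI support."""
    # The module object is passed to getattr, not the string 'ssl'.
    return bool(getattr(ssl, 'HAS_SNI', False))


def verify_cert_key_pair(cert_path, key_path=None):
    """Try to load the certificate (and key) the way a TLS server would.

    Returns None on success, otherwise a string describing the failure. A
    missing file, an unreadable PEM file or a key that does not match the
    certificate all surface here instead of at server start-up.
    """
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    try:
        context.load_cert_chain(cert_path, keyfile=key_path)
    except OSError as error:  # ssl.SSLError is a subclass of OSError
        return '{0}: {1}'.format(cert_path, error)
    return None


def check_ssl_config(config, path_exists=os.path.isfile):
    """Return a list of problems found in the server's SSL settings.

    An empty list means the settings are consistent. path_exists is
    injectable so the structural checks can run without real files.
    """
    problems = []
    server = config.get('server', {})
    ssl_addresses = [a for a in server.get('addresses', []) if a.get('ssl')]
    if not ssl_addresses:
        return problems  # SSL is disabled on every address, nothing to validate

    # The default certificate and key are both required once any address has ssl: true.
    for key in ('ssl_cert', 'ssl_key'):
        value = server.get(key)
        if not value:
            problems.append('server.{0} must be set when an address has ssl: true'.format(key))
        elif not path_exists(value):
            problems.append('server.{0} file not found: {1}'.format(key, value))

    ssl_hosts = server.get('ssl_hosts') or []
    if ssl_hosts and not has_sni_support():
        problems.append('ssl_hosts is configured but this Python lacks SNI support')
    seen = set()
    for index, entry in enumerate(ssl_hosts):
        host = entry.get('host')
        cert = entry.get('ssl_cert')
        if not host or not cert:
            problems.append('ssl_hosts[{0}] needs both host and ssl_cert'.format(index))
            continue
        if host.lower() in seen:
            problems.append('ssl_hosts has a duplicate entry for {0}'.format(host))
        seen.add(host.lower())
        if not path_exists(cert):
            problems.append('ssl_hosts[{0}] certificate not found: {1}'.format(index, cert))
    return problems


def select_cert_for_hostname(config, server_name):
    """Model the SNI dispatch: the certificate a client asking for server_name is served.

    A client that sends no SNI (server_name None) or connects by IP address
    gets the default server.ssl_cert. The comparison here is case-insensitive
    (an assumption of this example).
    """
    server = config['server']
    if server_name:
        for entry in server.get('ssl_hosts') or []:
            if entry['host'].lower() == server_name.lower():
                return entry['ssl_cert']
    return server['ssl_cert']


if __name__ == '__main__':
    # Pretend every referenced file exists so the structural checks can be seen on their own.
    print('SNI support:', has_sni_support())
    print('Problems:', check_ssl_config(EXAMPLE_CONFIG, path_exists=lambda _: True))
    print('king-phisher.com ->', select_cert_for_hostname(EXAMPLE_CONFIG, 'king-phisher.com'))
    print('no SNI           ->', select_cert_for_hostname(EXAMPLE_CONFIG, None))
```

Run it with the real paths from your own configuration (and the default path_exists) before starting the server; verify_cert_key_pair is the step that catches a certificate whose private key does not match, which the structural checks alone cannot see.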