OP 22 December, 2022 - 03:58 PM
(This post was last modified: 22 December, 2022 - 04:09 PM by aaaaaang.)
I'm having issues setting up my phishing campaign. I httracked the site I wanted, changed the script, so the credentials would be captured, and then hosted it. But I didn't know
how to assign each email/person to the credentials and also the way I captured the credentials was not too effective because I would just get username and PW. So I found
Gophish, but now I'm facing the issue of my landing page not showing correctly. I put the folder of the website in \static\js\src\vendor\ckeditor\plugins\preview, but it still only shows the page correctly if I put an index.html as the landing page code that refers (href) to the page I really want. I tried connecting the gophish server (Ubuntu 20.04.5 LTS VPS) to the Domain I hosted with a PTR Record, that didn't work. Tried getting a new Domain, connecting it to the VPS with an PTR and A Record they connected but the website I put in the Gophish server (VPS) still doesn't show, it only shows a blank page if I put the index.html as the landing page and just the text if I put the code of the Site I want as the landing page, if I then press "view page source" it says:
// Prevent from DOM clobbering.
if ( typeof window.opener._cke_htmlToLoad == 'string' ) {
var doc = document;
doc.open();
doc.write( window.opener._cke_htmlToLoad );
doc.close();
delete window.opener._cke_htmlToLoad;
}
So my questions are, what could trigger "// Prevent from DOM clobbering."? Is there another way to get the Page I want as the landing Page? And how would I go if I want to assign each email/person to the credentials and also capture IP and Browser info? Or would it be easier to use the page I already hosted together with a beef hook?
I'll pay for help
This is a bump
how to assign each email/person to the credentials and also the way I captured the credentials was not too effective because I would just get username and PW. So I found
Gophish, but now I'm facing the issue of my landing page not showing correctly. I put the folder of the website in \static\js\src\vendor\ckeditor\plugins\preview, but it still only shows the page correctly if I put an index.html as the landing page code that refers (href) to the page I really want. I tried connecting the gophish server (Ubuntu 20.04.5 LTS VPS) to the Domain I hosted with a PTR Record, that didn't work. Tried getting a new Domain, connecting it to the VPS with an PTR and A Record they connected but the website I put in the Gophish server (VPS) still doesn't show, it only shows a blank page if I put the index.html as the landing page and just the text if I put the code of the Site I want as the landing page, if I then press "view page source" it says:
// Prevent from DOM clobbering.
if ( typeof window.opener._cke_htmlToLoad == 'string' ) {
var doc = document;
doc.open();
doc.write( window.opener._cke_htmlToLoad );
doc.close();
delete window.opener._cke_htmlToLoad;
}
So my questions are, what could trigger "// Prevent from DOM clobbering."? Is there another way to get the Page I want as the landing Page? And how would I go if I want to assign each email/person to the credentials and also capture IP and Browser info? Or would it be easier to use the page I already hosted together with a beef hook?
I'll pay for help
This is a bump
