Creating Message Content
Possibly the most important [Jinja Variable][jinja-vars] to include when
creating message content is `url.webserver`, which is a link containing the
message's unique identifier. This ID value is required to track incoming web
requests and associate them with a sent message and, by extension, a campaign.
Without this value, the King Phisher server cannot track any information,
leading to empty visit and credential tables. This Jinja variable is most often
included as part of an HTML link using the standard `a` tag with an `href`
attribute.
For example, the following HTML tag would create a unique link to the configured Target URL, rendered as "Click me!" in the HTML.

```html
<a href="{{ url.webserver }}">Click me!</a>
```
The subject line used for messages is also treated as a template just like the message body is. This can be used to render dynamic subject lines for each message recipient.
Images can be embedded into message content in two different ways, depending on where the image is hosted. When both options are available, embedding local images inline will often result in a more legitimate email appearance.
Embedding remote images into messages is the more common approach and is well suited for large images, as they do not have to be sent attached to the email. The potential problem with embedding remote images into the HTML content of a message is that many email clients will not load the content by default, often resulting in the user being prompted to load it.
To embed a remotely hosted image, use the `img` HTML tag in the message
content. For example,
`<img src="https://raw.githubusercontent.com/securestate/king-phisher/master/data/king-phisher-logo.png" />`
would embed the King Phisher logo into the message. It is important to note that
if the image is being hosted on the King Phisher server, the message's UID
should be included as a parameter in the URL. Without this, the server will not
respond to the image request in the default configuration. To add the message
UID parameter, just append `?id={{ uid }}` to the end of the image URL.
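From the receiving side, the per-message identifier described above is visible in a message's HTML: a link and a remote image on the same host carry the same value. The following is an added triage example, not King Phisher code; it assumes the link carries its identifier in an `id` query parameter as the image URL does, and the hostnames and ID value are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample body; hosts and the ID value are made up.
SAMPLE_HTML = """
<p>Please review the updated policy.</p>
<a href="https://portal.example.test/login?id=Zx81kQpL0aTr">Click me!</a>
<img src="https://portal.example.test/logo.png?id=Zx81kQpL0aTr" />
<img src="https://cdn.example.org/banner.png" />
<img src="cid:image001" />
"""


class UrlCollector(HTMLParser):
    """Collect (tag, url) pairs from <a href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "img": "src"}.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.urls.append((tag, value))


def tracking_ids(html, param="id"):
    """Map (host, id value) -> set of tags ('a', 'img') carrying it."""
    collector = UrlCollector()
    collector.feed(html)
    seen = {}
    for tag, url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # inline (cid:), data: and relative references
        # Assumption: the identifier travels in the `id` query parameter.
        for value in parse_qs(parts.query).get(param, []):
            seen.setdefault((parts.hostname, value), set()).add(tag)
    return seen


def correlated_ids(html, param="id"):
    """Return (host, id) pairs seen on both a link and a remote image."""
    found = tracking_ids(html, param)
    return sorted(key for key, tags in found.items() if tags == {"a", "img"})


if __name__ == "__main__":
    print(correlated_ids(SAMPLE_HTML))
```

Legitimate bulk mail also uses per-recipient tokens, so a match is a reason to look closer at the host, not a verdict.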
An alternative approach to embedding images into email content is to send the
image "inline" by attaching it to the message. This results in much larger email
messages but the images will almost always be displayed automatically without
prompting the viewer. To embed local images inline, use the `inline_image`
template function. This tag can easily be generated by right-clicking in the
message editor tab and selecting "Insert > Inline Image". The resulting tag will
look like `{{ inline_image('/path/to/the/image.png') }}`.
King Phisher supports phishing with Calendar Invites. To use this feature, the
"Message Type" in the Send Messages > Configuration tab must be set to
"Calendar Invite". When this mode is enabled, the user can select additional
settings specific to the invite including the date, start time and duration for
the meeting. These settings are made available to message templates through the
`calendar_invite` variable.
Messages sent in this mode will prompt the user to accept them, adding the specified event to their calendar. Care should be used in selecting a source email address when the "Request RSVP" option is enabled since the user will be prompted to respond to the request.