pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0

Development Mode Not Providing Stats #351

Closed LarryGrim closed 7 years ago

LarryGrim commented 7 years ago

Still in DEV Mode. Admin panel working. Phishing going out (both Google and GoDaddy). Phishing link resolving and bringing up the phishing page. However, aside from statistics on email sent, no tracking of open, clicked or password entered.

The setup (apachectl -S, contents of 5.conf phishing sites-enabled, and pf.conf):

pf-11-30-2016

Global settings:

pf-11-30b-2016

Settings for the campaign 5 email:

pf-11-30c-2016

zeknox commented 7 years ago

The Application Site URL needs to be different than that used within the campaign. I really need to build a validation to prevent this from happening...

LarryGrim commented 7 years ago

  1. Changed the Application Site in the Global Settings to different FQDN.
  2. Made the campaign inactive.
  3. Verified that the phishing campaign conf file was not in the /sites-enabled folder.
  4. Cleared out all the campaign statistics
  5. Made the campaign active
  6. Checked the target LastName, FirstName, email_address
  7. Launched the campaign
  8. Target got the email
  9. Target clicked on the email
  10. The phishing page (LinkedIn) showed up in the target's system.
  11. Aside from email opened, there were no stats registered in the Report screen for the target.

Anything particular that I should send across?

zeknox commented 7 years ago

Start here to manually invoke a click event to see if everything is working properly: https://www.phishingfrenzy.com/resources/troubleshooting

If Emailed Clicked stat is not working, then Passwords Harvested surely won't work.

LarryGrim commented 7 years ago

Understand. This is the response:

image

zeknox commented 7 years ago

Then that's your issue. Until this responds with an HTTP 200 OK you're never going to track analytics. You need to test this on the FQDN which your PF interface is configured on. The Tracking API is only available on the FQDN where PF UI is up and running on.

LarryGrim commented 7 years ago

Confused in that there are two different FQDNs associated with this setup.

The PF interface is on www.provider-resource.com

The target interface is on www.linkedon.us

The apachectl -S shows:

image

zeknox commented 7 years ago

If you're hitting the FQDN of www.linkedon.us and the PF interface shows up, that's good. If you then add in the path of /reports/results/ you should receive something other than the 404, otherwise I'm not really sure what's going on.

LarryGrim commented 7 years ago

The link, http://www.linkedon.us/?uid=PZGMRDBQ comes up with the false 2004 LinkedIn page provided with the template. However, as you see, the http://www.linkedon.us/reports/results/?uid=PZGMRDBQ comes up with the 404 page:

Not Found

The requested URL /reports/results/ was not found on this server.

Something else to check? My previous problem was no php apache module loaded.

zeknox commented 7 years ago

I missed it in your previous screenshot but look how pf.conf is configured on the FQDN of provider-resource.com however you're trying to test the PF API using a different domain?

This is why you're getting the 404. The API is not accessible on your phishing sites but only the VHOST where pf.conf is defined. Try to manually invoke a click event using the proper FQDN. The same FQDN that is defined within pf.conf.

LarryGrim commented 7 years ago

image

The contents of pf.conf:

image

zeknox commented 7 years ago

You're not hitting the proper path. Slow down and focus.

LarryGrim commented 7 years ago

Yep. Slow down is good. URL should have been http://provider-resource.com/reports/results/?uid=PZGMRDBQ

image

zeknox commented 7 years ago

Ok, now you need to configure your Application Site URL to provider-resource.com, make all active campaigns inactive, and test to see if you're able to track clicks and such.

The PF Tracking API is functioning properly. Now all you need is to ensure the phishing sites are properly forwarding all tracking analytics to this API. I'm going to be AFK for the evening, so this is my final support response for a bit.

LarryGrim commented 7 years ago

pf.conf, I thought, was the setup for the PhishingFrenzy admin console.

Setup number one. All campaigns inactive and stats cleared from report page.

PF Administration console Application Site URL = http://linkedon.us

Campaigns -> Email Settings -> Phishing URL = http://www.linkedon.us

Campaigns -> Email Settings -> FQDN = www.linkedon.us

http://www.linkedon.us/reports/results/?uid=GLJBCJHW fails with 404 page not found

http://www.provider-resource.com/reports/results/?uid=GLJBCJHW does generate open/clicked.

============

Same scenario, but in the PF Administration console Application Site URL = http://provider-resource.com

Campaigns -> no change inactive/active switch

http://www.linkedon.us/reports/results/?uid=YOMETQMU fails with 404 page not found

http://www.provider-resource.com/reports/results/?uid=YOMETQMU does generate open/clicked

So, it seems that the pf.conf file is the only place where the provider-resource.com stays in the setup and is part of the base URL that triggers a statistic. This seems to be regardless of the Global Settings Application Site URL setting.

LarryGrim commented 7 years ago

Ok. It seems to be difficult to use two different domain names for Phishing Frenzy. There are four places to put a domain name.

  1. In the pf.conf file, under /etc/apache2
  2. In the Global Settings under the Application Site URL (http://....)
  3. In the Campaign Settings, under Email Settings, as the Phishing URL (http://...)
  4. In the Campaign Settings, under Email Settings, as the FQDN

So, given a domain of PF-Admin.com that will be used by the admin to set up the campaign, and given a domain of PF-Victim.com that will be presented to the phishing target, where should these two FQDNs and/or associated URLs (http://) be placed?

I seem to continue to be challenged on where they are instantiated.

LarryGrim commented 7 years ago

Still stuck. I think that there are at least four places to put domain names, and I have tried all the ways to do this and stats still do not post to the report page. Some combinations do not even work to have the user go to the right target page. Thanks, in advance.

zeknox commented 7 years ago

This is the best visual I can put together to display how Tracking within PF works and what FQDN should be configured where. Hope this helps.

phishing-frenzy-arch

zeknox commented 7 years ago

Going to close this ticket. I don't believe this is a bug, and this is the most support I can provide at this time. Hope this helps.
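
A defender-side check built on the URL shapes quoted in this thread, added here as an example that is not part of the original discussion or the project's code: it scans proxy log lines for the `?uid=` landing link and the `/reports/results/` tracking path. The log format, client addresses and timestamps are constructed, and the eight-uppercase-letter uid pattern is an assumption drawn only from the three values quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: uid tokens are eight uppercase letters, inferred only from the
# three values quoted in the thread (PZGMRDBQ, GLJBCJHW, YOMETQMU).
UID_RE = re.compile(r"[A-Z]{8}")
TRACKING_PATH = "/reports/results/"  # tracking path named in the thread

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2016-12-01T09:14:02Z 10.0.4.17 GET http://www.linkedon.us/?uid=PZGMRDBQ 200
2016-12-01T09:14:09Z 10.0.4.17 GET http://www.linkedon.us/reports/results/?uid=PZGMRDBQ 404
2016-12-01T09:15:40Z 10.0.4.22 GET http://www.provider-resource.com/reports/results/?uid=GLJBCJHW 200
2016-12-01T09:16:11Z 10.0.4.30 GET http://intranet.example/search?uid=42 200
2016-12-01T09:17:55Z 10.0.4.31 GET http://shop.example/cart?uid=abcdefgh 200
malformed line
"""

def classify(url):
    """Return (host, kind, uid) for URLs shaped like the thread's links, else None."""
    parts = urlsplit(url)
    uids = parse_qs(parts.query).get("uid", [])
    if not parts.hostname or len(uids) != 1 or not UID_RE.fullmatch(uids[0]):
        return None
    path = parts.path or "/"
    if path == TRACKING_PATH:
        kind = "tracking_api"
    elif path == "/":
        kind = "landing_page"
    else:
        return None
    return parts.hostname.lower(), kind, uids[0]

def find_hits(log_text):
    """Parse the constructed log format and keep only matching requests."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines instead of failing the scan
        ts, client, _method, url, status = fields
        match = classify(url)
        if match:
            host, kind, uid = match
            hits.append({"time": ts, "client": client, "host": host,
                         "kind": kind, "uid": uid, "status": int(status)})
    return hits

def hosts_by_kind(hits):
    """Group observed hostnames by request kind, for blocklist or hunt review."""
    grouped = defaultdict(set)
    for hit in hits:
        grouped[hit["kind"]].add(hit["host"])
    return {kind: sorted(hosts) for kind, hosts in grouped.items()}
```

A `tracking_api` hit that returns 404, as on the phishing FQDN in this thread, still identifies the host as worth reviewing; the status is kept in each hit for that reason.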