pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0

Phishing Reports not showing link clicks #376

Closed jwilczek closed 6 years ago

jwilczek commented 6 years ago

I have verified that the Application Site URL is properly configured within the Global Settings. Also, I have confirmed that all clicks are properly logged in the Apache logs. However, the Reports page shows 0 clicks.

This is a phishing frenzy instance that I have used successfully for dozens of tests in the past. This is the first instance where results were not correctly reported in the web UI.

zeknox commented 6 years ago

Start here and report back: https://www.phishingfrenzy.com/resources/troubleshooting

If you’re able to invoke a manual click event then you’ll want to review the PHP tags on your phishing site.

On Jan 19, 2018, at 9:32 AM, jwilczek notifications@github.com wrote:

> I have verified that the Application Site URL is properly configured within the Global Settings. Also, I have confirmed that all clicks are properly logged in the Apache logs. However, the Reports page shows 0 clicks.
>
> This is a phishing frenzy instance that I have used successfully for dozens of tests in the past. This is the first instance where results were not correctly reported in the web UI.

jwilczek commented 6 years ago

I'm not sure what you're asking. The links are unique and valid and PF responds appropriately to each click (i.e., it shows the page). Apache logs the request. But, the results do not show up in PF.

Are you referring to `<?php $user = $_GET['id']; ?>`?

jwilczek commented 6 years ago

I followed the troubleshooting guide. I'm not sure what you were referring to exactly with the PHP tags, but I did nothing different this time than normal. I'd greatly appreciate help in resolving this issue.

zeknox commented 6 years ago

Please provide the results of what happens when you manually create a click event following the troubleshooting guide.

If you don't know what the PHP tags are then you should go back and read the getting started guide and watch the tutorial videos which explain this critical component.

jclrc commented 6 years ago

I am having the same problem. I just set up pf and I have manually created the click event as described in the troubleshooting guide, but I still do not get a click event being processed. I was having problems with opened showing up, but I figured that out. Can you point me in the right direction to resolve this clicked problem? What information can I provide?

Thanks...

zeknox commented 6 years ago

Take a look at the PHP tags which are inserted on the phishing site, located near /var/www/phishing-frenzy/deployed/:id/. Review the PHP code which has been added to your PHP phishing page. Take a look at the $url variable and make sure this URL looks proper. Then take that URL and test it as the manual click event. Perhaps through this process you'll find a gap.

jclrc commented 6 years ago

Thanks for the quick response! I did what you said and I was able to generate a manual click event with the URL found in the PHP tags and using the victim UID. The click did show up that way, but it still does not show when I go to the phish page. For example: I go to https://my-phishing-server.com/reports/results/?uid=00000000 and it generates a manual click event, but when I go to the phish page http://intel.domain.com/?uid=00000000 nothing is generated. Sorry, but I am still missing something.

Thank You

zeknox commented 6 years ago

Based on what you stated, you must have my-phishing-server.com defined within the Global Settings > Application URL?

The only thing I can think of offhand would be to ensure the Phishing Frenzy server is able to resolve the FQDN (my-phishing-server.com). If it can't resolve it, then that would be the issue, and you could remediate that with a DNS entry or editing the hosts file.

jclrc commented 6 years ago

Yes, we have my-phishing-server.com in the Application Site URL field in Global Settings.

We have already set up the DNS for PF server and for our phish pages. From the PF server you can ping both the PF server and phish pages by FQDN. And from the test clients you can ping them as well.

More info: I followed the Installing Phishing Frenzy on Ubuntu Linux guide from the site. Then in order to get PHP working I had to install php7.

If you can think of anything else I will be more than happy to try it.

Thanks....

zeknox commented 6 years ago

@jclrc your situation really sounds like PHP is not getting invoked or rendered properly when visiting the phishing page.

Perhaps you could try adding some simple PHP on the same page to see if it works properly. Another item might be to enable PHP errors, restart Apache and see if loading the page shows any errors when rendering the phishing site.

jclrc commented 6 years ago

Found through turning on PHP error reporting that there was a problem with the SSL cert. I changed my PF server back to just regular HTTP and everything (opens, clicks, and harvesting) is working now.

Not sure what was wrong with the SSL since I followed the guide, but at least I can do some testing now.

Thanks for your help!

zeknox commented 6 years ago

Awesome, good work!

zeknox commented 6 years ago

The PHP configuration on the system may have some strict requirements for the SSL connection. Perhaps you're running a self-signed certificate on the PF interface and it didn't like that.

jclrc commented 6 years ago

It is a self-signed cert.... I am just going to leave it on HTTP though for now, I will try to troubleshoot the SSL later after I get a chance to play with PF for a bit. Thanks for your help!
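
The checks walked through in this thread (name resolution from the server, reachability, then the certificate) can be run in one pass. The following is an added example, not part of the thread or of Phishing Frenzy's code; it assumes the tracking tag makes a server-side HTTPS request to the Application Site URL, which the thread implies but does not show, and `check_callback` with its `cafile` parameter is a hypothetical helper.

```python
import socket
import ssl
from urllib.parse import urlsplit


def check_callback(url, cafile=None, timeout=5.0):
    """Return (stage, detail): 'dns', 'connect', 'tls-verify', 'tls' or 'ok'."""
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        return "dns", "no host name in URL"
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Stage 1: the host making the request must resolve the name itself
    # (DNS entry or hosts file).
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # Stage 2: TCP reachability from this host.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "connect", str(exc)
    with sock:
        if parts.scheme != "https":
            return "ok", "plain HTTP, no certificate involved"
        # Stage 3: TLS handshake with verification left on. Without cafile the
        # system trust store is used; with cafile only that file is trusted,
        # which is how a self-signed certificate can be accepted without
        # disabling verification or falling back to HTTP.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", tls.version()
        except ssl.SSLCertVerificationError as exc:
            return "tls-verify", exc.verify_message
        except (ssl.SSLError, OSError) as exc:
            return "tls", str(exc)


if __name__ == "__main__":
    import sys
    # Usage: python check_callback.py URL [URL ...]
    for target in sys.argv[1:]:
        print(target, check_callback(target))
```

A `tls-verify` result for a URL that loads fine in a browser after a manual exception matches the symptom reported above: the manual click event works, but the server-side request is rejected.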