Closed pqchc closed 5 years ago
This isn't an issue with SSL. The "lack of valid id" error is occurring because king_phisher creates a unique ID for each phishing email it sends. Only requests with a valid ID token will be acknowledged by the server. King Phisher does this for user tracking as well as to prevent unnecessary traffic.
Try sending yourself a phishing email from the KP client with the {{ url.webserver }}
Jinja tag in the body and open up that link. You'll see what I mean.
Issue Description
I experience an issue when I enable SSL and the results I expected are that Website images are loaded. Instead I am only getting html page and images aren't sent by the WEB server. King-phisher log says 'denying request due to lack of a valid id'.
Reproduction Steps
Environment Details
Host OS: SMP Debian 4.9.130-2 (2018-10-27) x86_64 Client OS: Windows: 10 10.0.17134
King Phisher Version: 1.12.0 Python Version: 3.4.4 Gtk Version: 3.18.9 Timezone: America/New_York
Error Details / Stack Trace
I have used standard credentials grabbing template: https://github.com/securestate/king-phisher-templates/blob/master/Website_Templates/Credentials/Anti-Virus_Update/www/login. I got require_id: false in the server_config.yml With ssl: false all of the images are served by the WEB server without campaign ID and WEB pages renders correctly. When I switch to ssl: true - I see plain html page without styles or images. The king-phisher.log says 'denying request due to lack of a valid id' for those css and image requests.