rsmusllp / king-phisher

Phishing Campaign Toolkit
BSD 3-Clause "New" or "Revised" License

Anonymize KingPhisher results #432

Closed quitheshit closed 4 years ago

quitheshit commented 4 years ago

Hey KingPhisher Team, I've set up a KingPhisher server to do a user-awareness test in a company. Everything works well.

My question: Where in the source code can I encrypt IP addresses, usernames and e-mails to anonymize the test results? Or is there another possibility to anonymize the test results? I can't find the right place in the source code.

Thank you very much!

wolfthefallen commented 4 years ago

@quitheshit I am happy to hear that everything is working well for you!

All the data for the campaigns is stored in its database. The structure of the database can be found in the docs, database section.

There are three options. The first is a plugin option. This is the safest and easiest option, as it does not change the data in the database. This method will change the data before it writes it to disk for export. Have the client plugin mimic the data export features to either CSV or XML. Then just adjust the data as it writes it out. As a template you can use our old Anonymous data collector plugin v1.0. This plugin just makes stats and saves them to a file for the current campaign.

The second, advanced option is to create a script that would import king-phisher's database model and manager packages. These are the SQLAlchemy modules that drive the database access for the server. With this set up, a script can run through all campaigns and see if they are "Expired" or past a certain creation point; if so, then you can set all passwords, IP addresses, and email addresses to a common string such as `orx`. This way it is still counted for stats but does not expose sensitive information. Just note that if you are not careful with this option you could potentially corrupt the database. I recommend copying the database for testing purposes.

The time-consuming option is to use the RPC API. The Table calls in the RPC section through the RPC window will allow you to pull up data, look at it and set it. As the RPC terminal is a Python shell you have a lot of power; be careful, we use this for testing. Again, you are changing data in the database with this method. Copy and create a new king-phisher database for testing before doing this with production data. Then just change the config file to point to the new database, and change back when done.

wolfthefallen commented 4 years ago

Oh, forgot a fourth option.

It is to create a server-side plugin. Set the plugin to listen for Request Handlers, to change the data as it comes into the database. Just check the model to make sure the field you are changing is still in line with the database model or you will cause issues.

If you are going to encrypt the data you will then need to have the server decrypt it before sending it to the client when requested. You will want to have the plugin monitor the Database Signals to accomplish this. The client-to-server communication is already encrypted traffic as it is all being tunneled through an SSH connection, so you do not have to worry about data in transit.

quitheshit commented 4 years ago

Thank you so much for that quick response, I'll try it and let you know about the results!

Edit: The first option doesn't work for me; it doesn't meet the privacy guidelines because the IP addresses are still accessible.

PS: KingPhisher is awesome!

wolfthefallen commented 4 years ago

I would highly recommend using the plugin option(s). This way you can update King-Phisher without causing conflict issues.

Thank you, all of the devs and the testing personnel appreciate the input.

quitheshit commented 4 years ago

You are right, that would be pretty easy to use. But am I right that the information saved in the database won't get modified at all? If so, it wouldn't meet the privacy guidelines of my project. (User information is not allowed to be accessible.)

wolfthefallen commented 4 years ago

For privacy guidelines you will want to build a server plugin to alter the information being stored and accessed. To encrypt the email address and names you will want to grab them on the Database Insert/Update signals. For the IP address you will want to get it on the Request Signals. Then you will want to decrypt it for the client when the information is requested.

If I remember right there was some code added for user-level privileges that you could also utilize to determine if the authenticated user is authorized to view the data, to determine if the data gets decrypted before being sent to the client for viewing. Unfortunately I am not seeing the documentation for it. @zeroSteiner, any insight? Or where that code part is located?

zeroSteiner commented 4 years ago

You'd want to look into the SQLAlchemy events, which is what powers the database in King Phisher. Don't bother with the Published Events; those are for client consumption, which isn't what you want here.

Combine that with knowledge of the database schema and you should be set to intercept records before they're committed to the database and then hash them. I highly recommend you keep them looking similar to their original formats, i.e. use SOMEBASE32ENCODEDBLOB@encrypted.king-phisher.local for email addresses and encrypt the uint32 value for IPv4 addresses. IPs will be trickier and will destroy the GeoIP lookups. It would be easier to just set them all to an RFC1918 address and be done with it. This of course wouldn't be reversible though.
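The scrubbing step zeroSteiner describes, as an added example that is not part of this thread or of King Phisher's code: a keyed (HMAC) pseudonymization that keeps emails looking like emails (`BASE32@encrypted.king-phisher.local`) and maps visitor IPs deterministically into an RFC 1918 range, so campaign statistics still group per target while the stored values reveal nothing. The record is modelled as a plain dict with assumed column names (`target_email`, `visitor_ip`, `first_name`, `last_name`); in a server plugin the same `scrub_record` would be called from a SQLAlchemy `before_insert`/`before_update` listener on the real model. The key name and fallback value are constructed for this example.

```python
# Added example, not King Phisher's own code. Keyed pseudonymization of the
# sensitive fields discussed in the thread; field names are assumptions.
import base64
import hashlib
import hmac
import ipaddress
import os

# HMAC key. Read from the environment here; a deployment must persist it so the
# mapping survives restarts. The fallback is a constructed placeholder.
PSEUDONYM_KEY = os.environ.get("ANON_KEY", "constructed-example-key-do-not-use").encode()

EMAIL_DOMAIN = "encrypted.king-phisher.local"   # suggested in the thread
SENSITIVE_FIELDS = {                             # assumed column names -> handler
    "target_email": "email",
    "first_name": "name",
    "last_name": "name",
    "visitor_ip": "ipv4",
}


def _tag(value: str, key: bytes) -> bytes:
    """Keyed digest: same input with the same key always yields the same output,
    so per-target statistics still aggregate after scrubbing."""
    return hmac.new(key, value.strip().lower().encode(), hashlib.sha256).digest()


def pseudonymize_email(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Replace an address with BASE32DIGEST@encrypted.king-phisher.local.
    15 digest bytes -> 24 base32 chars with no '=' padding."""
    local = base64.b32encode(_tag(email, key)[:15]).decode()
    return f"{local}@{EMAIL_DOMAIN}"


def pseudonymize_name(name: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Names have no format to preserve; a short base32 tag is enough."""
    return base64.b32encode(_tag(name, key)[:10]).decode()


def pseudonymize_ipv4(ip: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Map a visitor IP deterministically into 10.0.0.0/8 (RFC 1918).
    Irreversible, as the thread notes, and GeoIP lookups will no longer be
    meaningful; the result is still a valid dotted quad / uint32."""
    addr = ipaddress.IPv4Address(ip)
    host_bits = int.from_bytes(_tag(str(addr), key)[:3], "big")  # 24 host bits
    return str(ipaddress.IPv4Address((10 << 24) | host_bits))


def ipv4_to_uint32(ip: str) -> int:
    """The uint32 view of an address, for schemas that store IPs as integers."""
    return int(ipaddress.IPv4Address(ip))


def is_rfc1918(ip: str) -> bool:
    return ipaddress.ip_address(ip).is_private


def scrub_record(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """What a before_insert/before_update hook would do to a row: rewrite only
    the sensitive columns, leave ids and foreign keys untouched."""
    handlers = {
        "email": pseudonymize_email,
        "name": pseudonymize_name,
        "ipv4": pseudonymize_ipv4,
    }
    out = dict(record)
    for column, kind in SENSITIVE_FIELDS.items():
        if out.get(column):
            out[column] = handlers[kind](out[column], key)
    return out


if __name__ == "__main__":
    # Constructed sample row, not real campaign data.
    row = {"id": 1, "campaign_id": 3, "target_email": "Alice@Example.com",
           "first_name": "Alice", "last_name": "Doe", "visitor_ip": "203.0.113.7"}
    print(scrub_record(row))
```

Because the digest is keyed, two scrubbed rows for the same target still match each other, but nobody without the key can test a guessed address against the stored value; an unkeyed SHA-256 of an email would be trivially reversible by dictionary.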

quitheshit commented 4 years ago

Thank you very much for your effort, I will let you know how it's going! Sadly I'm not into SQLAlchemy.

The GeoIP lookups aren't a thing.

quitheshit commented 4 years ago

Hey @zeroSteiner and @wolfthefallen, I edited the source code to encrypt the fields. Now I installed the modified KingPhisher, but when I try to run "KingPhisherServer" in the specific path, it says "command not found".

I ran install.sh from a local directory; I didn't load it from git.

Thanks for the help! I will release the anonymized project once I'm done.

Edit: problem solved, I just cloned your git into a new repository.

quitheshit commented 4 years ago

@zeroSteiner @wolfthefallen I really appreciate your help.

I wormed my way through the code and found the lines where information gets saved in the database. I encrypted all sensitive information like IPs, names and emails. The GeoLocation is no longer functional, but in my case it doesn't matter. I am not ready yet. Maybe I will publish the edited code when I'm done.

For users that have the same issue, here are the lines in the specific scripts I edited to encrypt sensitive information. I used the "Fernet encryption" module:

  1. server.py - function "def get_client_ip(self)": - encrypted every return value (IP address)
  2. misc.py - Class "GeoLocation" - set IP to 127.0.0.1 to avoid crashes
  3. campaign.py - function "format_node_data(self, node)" - set visitor_ip = 127.0.0.1, to avoid crashes
  4. server_rpc.py - function "_message_new" - target_email, first_name, last_name - encrypted

KingPhisher's analysis tools are still fully working, except the GeoIP locations. (As long as the randomly generated key doesn't change / you don't restart the server.)

RickRoll Rocks!

Users with the same issue: feel free to ask some questions.
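The restart caveat above is the part a practitioner would want to close: if the Fernet key is generated fresh on every server start, every record encrypted before the restart becomes permanently unreadable. The following is an added example, not code from this thread or from King Phisher, showing the pattern wolfthefallen described earlier (encrypt on the way into the database, decrypt for the client only when the requester is authorized) with the key persisted once to a mode-0600 file so a restart reuses it. It assumes the `cryptography` package is installed; the key path, field names and sample row are constructed for the example.

```python
# Added example, not King Phisher's own code. Reversible field encryption with
# a persisted Fernet key, so values encrypted before a restart stay readable.
import os
import shutil
import tempfile
from pathlib import Path

from cryptography.fernet import Fernet, InvalidToken

# Assumed column names; King Phisher's real schema is documented in its docs.
SENSITIVE_FIELDS = ("target_email", "first_name", "last_name", "visitor_ip")


def load_or_create_key(path: Path) -> bytes:
    """Return the key stored at `path`, creating it once if absent.
    O_EXCL avoids a race where two starts both think they created it; 0o600
    keeps the key readable by the server account only."""
    if path.exists():
        return path.read_bytes().strip()
    key = Fernet.generate_key()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key


class FieldCipher:
    """Thin wrapper so the rest of the plugin never touches Fernet directly."""

    def __init__(self, key: bytes):
        self._fernet = Fernet(key)

    def protect(self, value: str) -> str:
        return self._fernet.encrypt(value.encode()).decode()

    def reveal(self, token: str) -> str:
        return self._fernet.decrypt(token.encode()).decode()


def protect_record(cipher: FieldCipher, record: dict) -> dict:
    """Insert/update side: encrypt the sensitive columns before commit."""
    out = dict(record)
    for column in SENSITIVE_FIELDS:
        if out.get(column):
            out[column] = cipher.protect(out[column])
    return out


def reveal_record(cipher: FieldCipher, record: dict, authorized: bool) -> dict:
    """Read side: decrypt only for an authorized requester; everyone else gets
    the ciphertext as stored, so the check lives in one place."""
    if not authorized:
        return dict(record)
    out = dict(record)
    for column in SENSITIVE_FIELDS:
        if out.get(column):
            out[column] = cipher.reveal(out[column])
    return out


def simulate_restart() -> dict:
    """Encrypt a row, 'restart' by reloading the key from disk, and check that
    the old token still decrypts; also check a different key cannot read it."""
    workdir = Path(tempfile.mkdtemp(prefix="kp-anon-"))
    key_path = workdir / "field-key"          # constructed path
    try:
        # Constructed sample row, not real campaign data.
        row = {"id": 7, "target_email": "alice@example.com",
               "first_name": "Alice", "visitor_ip": "203.0.113.7"}
        first_boot = FieldCipher(load_or_create_key(key_path))
        stored = protect_record(first_boot, row)

        second_boot = FieldCipher(load_or_create_key(key_path))  # same file
        shown = reveal_record(second_boot, stored, authorized=True)
        hidden = reveal_record(second_boot, stored, authorized=False)

        foreign = FieldCipher(Fernet.generate_key())   # what a fresh key does
        try:
            foreign.reveal(stored["target_email"])
            foreign_fails = False
        except InvalidToken:
            foreign_fails = True

        return {
            "same_key_after_restart": key_path.read_bytes().strip() == load_or_create_key(key_path),
            "decrypted_email": shown["target_email"],
            "ciphertext_differs": stored["target_email"] != row["target_email"],
            "unauthorized_sees_ciphertext": hidden["target_email"] == stored["target_email"],
            "foreign_key_fails": foreign_fails,
            "id_untouched": stored["id"] == 7,
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(simulate_restart())
```

Fernet tokens are not format-preserving, so unlike the hashed-email approach suggested earlier in the thread, columns that validate their contents (an IP stored as an integer, for instance) need a text column or the 127.0.0.1 placeholder the poster used to avoid crashes.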

zeroSteiner commented 4 years ago

Well it sounds like you got this figured out so I'm going to close this issue. Thanks for the update!