fkasler/phishmonger

All seems to be working - but getting this error


Hi - all seems to be working now - but in testing - when the "victim" clicks the phishing URL they get re-directed correctly - but in the humble_chameleon server the following error appears:

```
<victimIP>:POST:https://<Phishing URL>/sockjs/843/niacqzxw/xhr
problem with:https://<target1-safe URL>/images/manifest.json
(node:24319) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'rawBody' of undefined
    at humble_proxy (/root/tools/humble_chameleon/index.js:249:41)
    at process._tickCallback (internal/process/next_tick.js:68:7)
(node:24319) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:24319) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
```

What does this error mean - does it mean that the 'safe site' (target1) is not accessible (possibly due to a sub domain used in the phishing link)?

Thanks for any response.

Can you share your config? Make sure you only use domains as targets. Not subdomains or URLs

Also, can you share what your link looks like?

Hi - this is my config (redacted information):
```json
{
  "phishingurl.com": {
    "primary_target": "safesite.com",
    "secondary_target": "reltarget.com",
    "search_string": "https://blog.phishingurl.com/home?id=",
    "wwwroot": "Login2",
    "tracking_cookie": "cla_cookie",
    "replacements": {
      "string_to_be_replaced": "replacement_string"
    },
    "custom_headers": {},
    "snitch": {
      "snitch_string": "Logoff",
      "redirect_url": "https://blog.realtarget.com/home/"
    },
    "logging_endpoint": {
      "host": "phishmongerserver.com",
      "url": "/create_event",
      "auth_cookie": "admin_cookie=secretcookie"
    }
  }
}
```

This is what my link looks like:
https://blog.phishingdomain.com/home/

id= whatever gets added after /home

Your search string should just be a GET parameter, and not a URL. In this case "id", however, I would normally go for something that is less likely to randomly be included somewhere in a URL, like "user_id".

OK - I have changed the search string in the config to just id (in this instance). I am getting the following error when I click on the phishing link in a test email:

```
problem with:https://blog.safeurl.com/images/manifest.json
(node:34761) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'rawBody' of undefined
    at humble_proxy (/root/tools/humble_chameleon/index.js:249:41)
    at process._tickCallback (internal/process/next_tick.js:68:7)
(node:34761) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:34761) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
```

Is this expected? (I see the error references "id:1".) The 'safe url' I have used does not have a 'blog.' subdomain - is this the issue? Do I need a 'safe' url that has the same subdomains as the real target?

That is the "issue" in this case, yes. But it is still keeping your domain safe from crawlers checking out the domain. So the attack is working just fine?

Yes - everything is working how it should - I just wondered about the error, but it looks like all unauthenticated access gets blocked :).