Landing Pages
A "Landing Page" is the HTML content returned when targets click on the links in Gophish emails.
Landing pages have the following structure:
{
id : int64
name : string
html : string
capture_credentials : bool
capture_passwords : bool
modified_date : string(datetime)
redirect_url : string
}Get Landing Pages
GET https://localhost:3333/api/pages/
Returns a list of landing pages.
Headers
Authorization
string
A valid API key
[
{
"id": 1,
"name": "Example Page",
"html": "<html><head></head><body>This is a test page</body></html>",
"capture_credentials": true,
"capture_passwords": true,
"redirect_url": "http://example.com",
"modified_date": "2016-11-26T14:04:40.4130048-06:00"
}
]Get Landing Page
GET https://localhost:3333/api/pages/:id
Returns a landing page given an ID.
Path Parameters
id
integer
The landing page ID
Headers
Authorization
string
A valid API key
Returns a 404 error if the specified landing page isn't found.
Create Landing Page
POST https://localhost:3333/api/pages/
Creates a landing page.
Headers
Authorization
string
A valid API key
Request Body
Payload
object
The JSON representation of the landing page to be created
This method expects the landing page to be provided in JSON format. You must provide a landing page name and the html for the landing page.
Capturing Credentials
Capturing credentials is a powerful feature of Gophish. By setting certain flags, you have the ability to capture all user input, or just non-password input.
To capture credentials, set the capture_credentials attribute. If you want to capture passwords as well, set the capture_passwords attribute.
By default, Gophish will not capture passwords, as they are stored in plaintext.
Gophish also provides the ability to redirect users to a URL after they submit credentials. This is controlled by setting the redirect_url attribute.
Modify Landing Page
PUT https://localhost:3333/api/pages/:id
Modifies an existing landing page.
Path Parameters
id
integer
The ID of the landing page to modify
Headers
Authorization
string
A valid API key
Request Body
Payload
object
The JSON representation of the landing page to be modified
Returns a 404 error if the specified landing page isn't found.
This method expects the landing page to be provided in JSON format. You must provide a full landing page, not just the fields you want to update.
This method returns the JSON representation of the landing page that was modified.
Delete Landing Page
DELETE https://localhost:3333/api/pages/:id
Deletes a landing page.
Path Parameters
id
integer
The ID of the landing page to delete
Headers
Authorization
string
A valid API key
Returns a 404 error if the specified landing page isn't found.
This method returns a status message indicating the landing page was deleted successfully.
Import Site
POST https://localhost:3333/api/import/site
Fetches a URL to be later imported as a landing page
Headers
Authorization
string
A valid API key
Request Body
include_resources
boolean
Whether or not to create a <base> tag in the resulting HTML to resolve static references (recommended: false)
url
string
The URL to fetch
This endpoint simply fetches and returns the HTML from a provided URL. If include_resources is false (recommended), a <base> tag is added so that relative links in the HTML resolve from the original URL.
Additionally, if the HTML contains form elements, this endpoint adds another input, __original_url, that points to the original URL. This makes it possible to replay captured credentials later.
Last updated