# Landing Pages

A "Landing Page" is the HTML content returned when targets click on the links in Gophish emails.

Landing pages have the following structure:

```
{
  id                  : int64
  name                : string
  html                : string
  capture_credentials : bool
  capture_passwords   : bool
  modified_date       : string(datetime)
  redirect_url        : string
}
```

## Get Landing Pages

<mark style="color:blue;">`GET`</mark> `https://localhost:3333/api/pages/`

Returns a list of landing pages.

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
[  
 {
    "id": 1,
    "name": "Example Page",
    "html": "<html><head></head><body>This is a test page</body></html>",
    "capture_credentials": true,
    "capture_passwords": true,
    "redirect_url": "http://example.com",
    "modified_date": "2016-11-26T14:04:40.4130048-06:00"
  }
]
```

{% endtab %}
{% endtabs %}

## Get Landing Page

<mark style="color:blue;">`GET`</mark> `https://localhost:3333/api/pages/:id`

Returns a landing page given an ID.

#### Path Parameters

| Name | Type    | Description         |
| ---- | ------- | ------------------- |
| id   | integer | The landing page ID |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
{
   "id": 1,
   "name": "Example Page",
   "html": "<html><head></head><body>This is a test page</body></html>",
   "capture_credentials": true,
   "capture_passwords": true,
   "redirect_url": "http://example.com",
   "modified_date": "2016-11-26T14:04:40.4130048-06:00"
}
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "Page not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

Returns a 404 error if the specified landing page isn't found.

## Create Landing Page

<mark style="color:green;">`POST`</mark> `https://localhost:3333/api/pages/`

Creates a landing page.

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

#### Request Body

| Name    | Type   | Description                                               |
| ------- | ------ | --------------------------------------------------------- |
| Payload | object | The JSON representation of the landing page to be created |

{% tabs %}
{% tab title="201 " %}

```javascript
{
   "id": 1,
   "name": "Example Page",
   "html": "<html><head></head><body>This is a test page</body></html>",
   "capture_credentials": true,
   "capture_passwords": true,
   "redirect_url": "http://example.com",
   "modified_date": "2016-11-26T14:04:40.4130048-06:00"
}
```

{% endtab %}
{% endtabs %}

This method expects the landing page to be provided in JSON format. You must provide a landing page `name` and the `html` for the landing page.

{% hint style="info" %}
**Importing a Site**

Let Gophish do the hard work for you by importing a site. By using the [Import Site](#import-site) endpoint, you can simply give Gophish a URL and have the site fetched for you and returned in a format that can be used with this method.
{% endhint %}

#### Capturing Credentials

Capturing credentials is a powerful feature of Gophish. By setting certain flags, you have the ability to capture all user input, or just non-password input.

To capture credentials, set the `capture_credentials` attribute. If you want to capture passwords as well, set the `capture_passwords` attribute.

By default, Gophish will not capture passwords, as they are stored in plaintext.

Gophish also provides the ability to redirect users to a URL after they submit credentials. This is controlled by setting the `redirect_url` attribute.

## Modify Landing Page

<mark style="color:orange;">`PUT`</mark> `https://localhost:3333/api/pages/:id`

Modifies an existing landing page.

#### Path Parameters

| Name | Type    | Description                          |
| ---- | ------- | ------------------------------------ |
| id   | integer | The ID of the landing page to modify |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

#### Request Body

| Name    | Type   | Description                                                |
| ------- | ------ | ---------------------------------------------------------- |
| Payload | object | The JSON representation of the landing page to be modified |

{% tabs %}
{% tab title="200 " %}

```javascript
{
   "id": 1,
   "name": "Example Page",
   "html": "<html><head></head><body>This is a test page</body></html>",
   "capture_credentials": true,
   "capture_passwords": true,
   "redirect_url": "http://example.com",
   "modified_date": "2016-11-26T14:04:40.4130048-06:00"
}
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "Page not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

Returns a 404 error if the specified landing page isn't found.

This method expects the landing page to be provided in JSON format. You must provide a full landing page, not just the fields you want to update.

This method returns the JSON representation of the landing page that was modified.

## Delete Landing Page

<mark style="color:red;">`DELETE`</mark> `https://localhost:3333/api/pages/:id`

Deletes a landing page.

#### Path Parameters

| Name | Type    | Description                          |
| ---- | ------- | ------------------------------------ |
| id   | integer | The ID of the landing page to delete |

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

{% tabs %}
{% tab title="200 " %}

```javascript
{
  "message": "Page Deleted Successfully",
  "success": true,
  "data": null
}
```

{% endtab %}

{% tab title="404 " %}

```javascript
{
  "message": "Page not found",
  "success": false,
  "data": null
}
```

{% endtab %}
{% endtabs %}

Returns a 404 error if the specified landing page isn't found.

This method returns a status message indicating the landing page was deleted successfully.

## Import Site

<mark style="color:green;">`POST`</mark> `https://localhost:3333/api/import/site`

Fetches a URL to be later imported as a landing page

#### Headers

| Name          | Type   | Description     |
| ------------- | ------ | --------------- |
| Authorization | string | A valid API key |

#### Request Body

| Name               | Type    | Description                                                                                                       |
| ------------------ | ------- | ----------------------------------------------------------------------------------------------------------------- |
| include\_resources | boolean | Whether or not to create a `<base>` tag in the resulting HTML to resolve static references (recommended: `false`) |
| url                | string  | The URL to fetch                                                                                                  |

{% tabs %}
{% tab title="200 " %}

```javascript
{
    "html": "<html><head>..."
}
```

{% endtab %}
{% endtabs %}

This endpoint simply fetches and returns the HTML from a provided URL. If `include_resources` is `false` (recommended), a `<base>` tag is added so that relative links in the HTML resolve from the original URL.

Additionally, if the HTML contains form elements, this endpoint adds another input, `__original_url`, that points to the original URL. This makes it possible to replay captured credentials later.

{% hint style="info" %}
**Note:** This API endpoint doesn't actually create a new landing page. Instead, you can use the HTML returned from this endpoint as an input to the [Create Landing Page](#create-landing-page) method.
{% endhint %}