Landing Pages
A "Landing Page" is the HTML content returned when targets click on the links in Gophish emails.
Landing pages have the following structure:
Get Landing Pages
GET
https://localhost:3333/api/pages/
Returns a list of landing pages.
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Get Landing Page
GET
https://localhost:3333/api/pages/:id
Returns a landing page given an ID.
Path Parameters
Name | Type | Description |
---|---|---|
id | integer | The landing page ID |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Returns a 404 error if the specified landing page isn't found.
Create Landing Page
POST
https://localhost:3333/api/pages/
Creates a landing page.
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Request Body
Name | Type | Description |
---|---|---|
Payload | object | The JSON representation of the landing page to be created |
This method expects the landing page to be provided in JSON format. You must provide a landing page name
and the html
for the landing page.
Importing a Site
Let Gophish do the hard work for you by importing a site. By using the Import Site endpoint, you can simply give Gophish a URL and have the site fetched for you and returned in a format that can be used with this method.
Capturing Credentials
Capturing credentials is a powerful feature of Gophish. By setting certain flags, you have the ability to capture all user input, or just non-password input.
To capture credentials, set the capture_credentials
attribute. If you want to capture passwords as well, set the capture_passwords
attribute.
By default, Gophish will not capture passwords, as they are stored in plaintext.
Gophish also provides the ability to redirect users to a URL after they submit credentials. This is controlled by setting the redirect_url
attribute.
Modify Landing Page
PUT
https://localhost:3333/api/pages/:id
Modifies an existing landing page.
Path Parameters
Name | Type | Description |
---|---|---|
id | integer | The ID of the landing page to modify |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Request Body
Name | Type | Description |
---|---|---|
Payload | object | The JSON representation of the landing page to be modified |
Returns a 404 error if the specified landing page isn't found.
This method expects the landing page to be provided in JSON format. You must provide a full landing page, not just the fields you want to update.
This method returns the JSON representation of the landing page that was modified.
Delete Landing Page
DELETE
https://localhost:3333/api/pages/:id
Deletes a landing page.
Path Parameters
Name | Type | Description |
---|---|---|
id | integer | The ID of the landing page to delete |
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Returns a 404 error if the specified landing page isn't found.
This method returns a status message indicating the landing page was deleted successfully.
Import Site
POST
https://localhost:3333/api/import/site
Fetches a URL to be later imported as a landing page
Headers
Name | Type | Description |
---|---|---|
Authorization | string | A valid API key |
Request Body
Name | Type | Description |
---|---|---|
include_resources | boolean | Whether or not to create a |
url | string | The URL to fetch |
This endpoint simply fetches and returns the HTML from a provided URL. If include_resources
is false
(recommended), a <base>
tag is added so that relative links in the HTML resolve from the original URL.
Additionally, if the HTML contains form elements, this endpoint adds another input, __original_url
, that points to the original URL. This makes it possible to replay captured credentials later.
Note: This API endpoint doesn't actually create a new landing page. Instead, you can use the HTML returned from this endpoint as an input to the Create Landing Page method.
Last updated