FAQ
Unable to Reach Admin Dashboard
Let's say you've just loaded up Gophish, are trying to reach the admin dashboard, and encounter this error in your logs:
2018/11/15 21:42:22 http: TLS handshake error from 127.0.0.1:51419: tls: first record does not look like a TLS handshakeThis means that you browsed to http://admin_server instead of https://admin_server (note the use of HTTPS).
How to Bypass Spam Filters
There is no fool proof way to bypass spam filters - this is a good thing!
Something that might help increase deliverability is to set up your email infrastructure correctly to support modern email authentication protocols like SPF, DKIM, and DMARC. You can find more information about this here.
However, for tests that aim to measure how users respond to phishing simulations, it's recommend to temporarily whitelist the IP address of the server running Gophish.
Events Aren't Showing Up on the Dashboard
If you are seeing emails being sent successfully, but aren't seeing events show up on the dashboard, it likely means there is a configuration error somewhere. You can follow these tips to help track it down.
Check the Email Template
You want to make sure you're using the {{.URL}} template tag when creating links in your emails. Then, when you launch a campaign, Gophish will fill this in with whatever you use as the "URL" field when creating the campaign.
A good way to see if this is working correctly is to send a test email to yourself when building a campaign and looking at the link. It should be the URL you used when creating the campaign with a unique rid parameter. So, it should look like this: http://your_url/?rid=XXXXX.
Check the Campaign URL
If the links in the email look good and you still don't see events showing up, then the next step is to make sure the URL you're using when building a campaign is correct.
When creating a campaign, the URL field must point to the server running Gophish and must be reachable by the person opening the emails. This can either be the external IP address of the server, or a domain name that has a DNS A record pointing to the server's IP address.
To test this, you can manually browse to the URL you're expecting to use in your campaign. Without any rid parameters provided, you should see a basic 404 page not found error. You should also see a log appear in your Gophish terminal.
Once manually browsing to your URL works, you can try to send a test email to yourself when building a campaign. If it works, you should see your landing page being returned. This means that the URL will likely work when used in a campaign, assuming it is reachable by all recipients.
Submitted Form Data Isn't Being Captured
To capture data submitted through a landing page, you need to create an HTML <form> element on your landing page that has a few specific properties:
Here is a minimal example <form> element which captures data:
<form action="" method="POST">
<input name="username" type="text" placeholder="username" />
<input name="password" type="password" placeholder="password" />
<input type="submit" value="Submit" />
</form>There are a few things to note about this form:
The action is
""so that form submissions are directed to your phishing page and, therefore, to your Gophish serverThe form submission method is
POSTEach input which you expect to see in Gophish has a
nameattribute
Each of these should be checked when troubleshooting HTML forms that don't appear to be sending data correctly.
If you still aren't seeing your form submitted correctly, you may need to review and remove any Javascript on the page interfering with the form submission.
Finally, ensure that when saving the landing page that you have both the "Capture Submitted Data" and "Capture Passwords" (if appropriate) options checked. Otherwise, Gophish will remove the name attributes from your inputs so they aren't submitted with the form.
Last updated