Using a custom URL format in GoPhish email - scottgoetz/ansible GitHub Wiki

By default, goPhish uses a preset URL format when generating emails, something like this: https://phishingDomain.com/?rid=RID

For tracking purposes, goPhish runs its own web server that expects the victim to visit a URL in the above format.

An Apache server (Web Redirector) utilizing mod_rewrite and a .htaccess file can be utilized to allow us to use a different URL format in the phishing emails, such as https://phishingDomain.com/clientName/RID/storedata, regardless of the format that the goPhish web server is expecting.

The .htaccess file on the Web Redirector contains a list of regex rules that can be utilized to manipulate the web traffic hitting the Web Redirector in a lot interesting ways. Specifically in this case, we can utilize the .htaccess functionality to remap Victims hitting the custom URL format to the URL format expected by the goPhish server.

Additionally, the Web Redirector can "invisibly" proxy the Victim traffic to the goPhish web server (which is on a different computer altogether), making it so the Victim is not aware that they are "redirected" or visiting a different web server. This allows you to run multiple campaigns from 1 goPhish server. Each campaign could have its own Web Redirector (preventing other campaigns from getting burned) and can have its own custom URL format.

To create a custom URL, manually enter URL into your goPhish email template using the goPhish variable {{.RID}} into a link such as this: https://phishingDomain.com/clientName/{{.RID}}/storedata

Below is an example of a .htaccess file that will redirect a URL in the format of https://phishingDomain.com/clientName/RID/storedata to the goPhish/Core Server at https://goPhishIP/?rid=RID: