Campaign Metrics
Perhaps the most important part of any phishing campaign is the collection of metrics regarding the results. To that end King Phisher collects a variety of metrics for the operator to analyze.
The `Opened` field for messages will be populated with a timestamp under one of the following two conditions:
- The message was sent with the `tracking_dot_image_tag` and the target's email client loads the resource from the King Phisher server.
- The first visit for a message is received and the `Opened` field was not already populated. In this case the field is populated because the message must have been opened for the link it contained to have been visited.

Because email clients do not load remote images by default, it's important to know that the `Opened` field is prone to false-negative results.
Visits for a campaign are generally created by the `url.webserver` link within emails being followed. More specifically, a visit metric is created when a request to a landing page associated with an active (non-expired) campaign is received with a message ID associated with the same campaign.
Upon an initial visit to an active landing page, the client's web browser will be issued a session cookie (whose value is the visit ID). This allows repeat visitors to be aggregated together and prevents multiple visit metrics from being created when one user clicks the link multiple times.
Credentials for a campaign are created when a username is submitted to any page with a valid session cookie. See the section on Pages For Harvesting Credentials for more information. Only unique combinations of usernames and passwords are logged for each sent message.
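
The rules above can be read as a small state machine. The following is an added example, not King Phisher's own code: it replays a constructed event list and applies the `Opened`, visit and credential rules as described on this page. The names `MessageMetrics`, `collect` and the event tuple layout are hypothetical, and starting a new visit when a cookie belongs to a different message is an assumption.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

@dataclass
class MessageMetrics:
    opened: Optional[int] = None                   # timestamp of first evidence of opening
    visits: dict = field(default_factory=dict)     # visit ID -> number of requests
    credentials: set = field(default_factory=set)  # unique (username, password) pairs

def collect(events, message_ids, expired=False):
    """Replay (ts, kind, message_id, client, data) events into per-message metrics."""
    metrics = {mid: MessageMetrics() for mid in message_ids}
    cookies, owner, ids = {}, {}, count(1)  # client -> visit ID, visit ID -> message ID
    for ts, kind, mid, client, data in events:
        if mid not in metrics:
            continue                        # message ID is not part of this campaign
        m = metrics[mid]
        if kind == "image" and m.opened is None:
            m.opened = ts                   # mail client fetched the tracking image
        elif kind == "visit" and not expired:
            vid = cookies.get(client)
            if vid is None or owner[vid] != mid:   # assumption: one visit per message
                vid = cookies[client] = f"visit-{next(ids)}"
                owner[vid] = mid
            m.visits[vid] = m.visits.get(vid, 0) + 1   # repeat clicks share one visit
            if m.opened is None:
                m.opened = ts               # link followed, so the message was opened
        elif kind == "submit" and client in cookies:
            # Only a request carrying a valid session cookie can log credentials.
            metrics[owner[cookies[client]]].credentials.add(tuple(data))
    return metrics

# Constructed sample events: (timestamp, kind, message ID, client, data)
EVENTS = [
    (100, "image", "msg-A", "mail-A", None),
    (110, "visit", "msg-A", "browser-A", None),
    (120, "visit", "msg-A", "browser-A", None),               # repeat click
    (130, "submit", "msg-A", "browser-A", ("alice", "pw1")),
    (140, "submit", "msg-A", "browser-A", ("alice", "pw1")),  # duplicate pair
    (200, "visit", "msg-B", "browser-B", None),               # images blocked
    (300, "submit", "msg-C", "browser-C", ("carol", "pw2")),  # no session cookie
]
```

In this sample, `msg-C` ends with an empty `opened` field even if its recipient read the message, which is the false-negative case described above.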