All seems to be working - but getting this error

[ontinternet]

Hi - all seems to be working now - but in testing - when the "victim" clicks the phishing URL they get re-directed correctly - but in the humble_chameleon server the following error appears:

<victimIP>:POST:https://<Phishing URL>/sockjs/843/niacqzxw/xhr problem with:https://<target1-safe URL>/images/manifest.json (node:24319) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'rawBody' of undefined at humble_proxy (/root/tools/humble_chameleon/index.js:249:41) at process._tickCallback (internal/process/next_tick.js:68:7) (node:24319) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1) (node:24319) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

What does this error mean - does it mean that the 'safe site' (target1) is not accessible (possibly due to a sub domain used in the phishing link)?

Thanks for any response.

[fkasler]

Can you share your config? Make sure you only use domains as targets. Not subdomains or URLs

[fkasler]

Also, can you share what your link looks like?

[ontinternet]

Hi - this is my config (redacted information):
{ "phishingurl.com": { "primary_target": "safesite.com", "secondary_target": "reltarget.com", "search_string": "https://blog.phishingurl.com/home?id=", "wwwroot": "Login2", "tracking_cookie": "cla_cookie", "replacements": { "string_to_be_replaced": "replacement_string" }, "custom_headers": {}, "snitch": { "snitch_string": "Logoff", "redirect_url": "https://blog.realtarget.com/home/" }, "logging_endpoint": { "host": "phishmongerserver.com", "url": "/create_event", "auth_cookie": "admin_cookie=secretcookie" } } }

This is what my link looks like:
https://blog.phishingdomain.com/home/

id= whatever gets added after /home

[fkasler]

Your search string should just be a GET parameter, and not a URL. In this case "id", however, I would normally go for something that is less likely to randomly be included somewhere in a URL, like "user_id".

[ontinternet]

ok - I have changed the search string in config to just id(in this instance). getting the following error when I click on the phishing link in a test email:

problem with:https://blog.safeurl.com/images/manifest.json (node:34761) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'rawBody' of undefined at humble_proxy (/root/tools/humble_chameleon/index.js:249:41) at process._tickCallback (internal/process/next_tick.js:68:7) (node:34761) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1) (node:34761) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Is this expected (I see the error references "id:1" The 'safe url' I have used does not have a 'blog.' subdomain - is this the issue? - do I need a 'safe' url that has the same subdomains as the real target?

[fkasler]

That is the "issue" in this case, yes. But it is still keeping your domain safe from crawlers checking out the domain. So the attack is working just fine?

[ontinternet]

Yes - everything is working how it should - I just wondered about the error, but it looks like all unauthenticated access gets blocked :).