Phishy offers flexibility that allows you to create personalized and effective landing pages. Customize our predefined templates to suit your needs or start by importing your own HTML template directly into the platform. Add new dynamic elements to your page using the plus icon in the content section, and enhance user experience and aesthetics by adding buttons, links, and images.

Import

With the Import feature, you can fetch content from a specified URL and import it into the platform in two different modes:

🔷 Replace Links: This mode allows you to replace the existing links in the imported content with new targets you define. It is particularly useful when you want to update specific URLs or modify a particular link to make your strategy more effective.

🔷 Detailed Import: This option provides a more advanced import process. Some websites, especially those built as SPAs (Single Page Applications), load content dynamically via JavaScript. The detailed import method launches a browser in the background to load the website and then fetches the rendered content. This helps you safely capture the content as the browser can handle dynamic scripts like JavaScript used by the site, and retrieve the page’s exact appearance. This is especially useful if the website has complex structures or interactive elements.

Landing Page Redirect Mechanism

Phishy automatically redirects the user to the /phished page once they interact with the landing page (e.g., typing a character or clicking). However, we offer flexibility for you to run simulations based on your desired scenario.

Each landing page is sent to the user along with the following script generated by Phishy. This script captures the user’s input and redirects them to the /phished page.

<script type="text/javascript">
    // Define the global variables for job ID and domain.
    window.phishy = {
        jobId: "${job.id}",
        domain: "${phishingDomain}"
    }

    // Debounce function to prevent multiple submissions.
    function debounce(func, wait) {
        let timeout;
        return function() {
            clearTimeout(timeout);
            timeout = setTimeout(() => func.apply(this, arguments), wait);
        };
    }

    // Function to submit the form data.
    const submitForm = debounce(() => {
        const inputs = document.querySelectorAll('input');
        inputs.forEach(input => {
            if (!input.value) {
                alert('Please fill in all fields!');
                return;
            }
        });

        const xhr = new XMLHttpRequest();
        xhr.open("POST", `${window.phishy.domain}/?id=${window.phishy.jobId}`, true);
        xhr.setRequestHeader("Content-Type", "application/json");
        xhr.onreadystatechange = function() {
            if (xhr.readyState === 4 && xhr.status === 200) {
                window.location.href = `${window.phishy.domain}/phished?id=${window.phishy.jobId}`;
            }
        };
        xhr.send(JSON.stringify({ data: inputs.map(input => input.value) }));
    }, 500);

    document.querySelectorAll('input').forEach(input => input.addEventListener('keypress', submitForm));
    document.querySelectorAll('a').forEach(anchor => anchor.addEventListener('click', (event) => {
        event.preventDefault();
        submitForm();
    }));
</script>

Customizing the Landing Page with a Custom Script

You can further enhance the user experience and aesthetics of your landing page by adding your own custom script. This script can be used to collect additional data from the user, validate their input, or even redirect them to a different page.

<html>
    <body>
        <div class="login-form">
            <!-- For the form with input fields, we direct the onsubmit event to our custom handleFormSubmit function. -->
            <form onsubmit="handleFormSubmit(event)">
                <!-- Form input fields with the phishy-disable-redirect attribute. -->
                <input type="text" name="username" placeholder="Username" phishy-disable-redirect>
                <input type="password" name="password" placeholder="Password" phishy-disable-redirect>

                <!-- Submit button -->
                <input type="submit" value="Login">
            </form>
        </div>

        <script type="text/javascript">
            // The function that will be triggered when the form is submitted.
            function handleFormSubmit(event){
                event.preventDefault(); // Prevent the default form submission behavior

                // Define variables to check the values of the form input fields. Customize these variables according to your needs.
                var username = document.getElementById('username').value;
                var password = document.getElementById('password').value;

                if (!username || !password) {
                    alert("Please fill in all fields.");
                    return;
                }

                // Send a POST request via XHR.
                var xhr = new XMLHttpRequest();

                // Monitor the status of the XHR request
                xhr.onreadystatechange = function () {
                    const loginForm = document.querySelector(".login-form");

                    if (xhr.readyState === 4 && xhr.status === 200) {
                        // You can directly redirect the user to the /phished page.
                        //window.location.href = window.phishy.domain + "/phished?id=" + window.phishy.jobId;

                        // Alternatively, if you don't want to notify the user about the simulation, you can update the interface as shown below.
                        loginForm.innerHTML = "<h3 style='text-align:center'>Your submission has been received. Thank you.</h3>";
                    } else {
                        loginForm.innerHTML = "<h3 style='text-align:center'>An error occurred. Please try again.</h3>";
                    }
                };

                // Send the XHR request
                xhr.open("POST", `/?id=${window.phishy.jobId}`, true);
                xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
                xhr.send(JSON.stringify({}));
            }
        </script>
    </body>
</html>