Today we’re proud to announce the next release of King Phisher, version 1.10. This release saw extensive changes under the hood to improve the long-term experience. One of the notable changes that users will directly benefit from is a set of tweaks to the email messages sent by King Phisher, resulting in lower scores when rated with the popular SpamAssassin engine. This means that messages with the same HTML content in the body now have a higher chance of reaching the target users’ inboxes.
The project has a few new and updated signals in this release, making it easier for plugins to do various things. One of these is a new campaign-alert signal, which will be used moving forward to allow different types of alerts from the server to be issued and handled by plugins. Two such plugins exist today: one to freely send SMS alerts via a carrier’s gateway (just like King Phisher used to) and another to more reliably deliver them using the commercial Clockwork SMS service.
This version features two new client plugins as well. One simply aids in testing how SPAM messages are handled by including the Generic Test for Unsolicited Bulk Email (GTUBE) string. This “magic” value is conceptually equivalent to EICAR for Anti-Virus programs, causing any message containing it to be identified as SPAM. Users can enable this plugin to quickly verify that their SPAM engine is working and test how it handles SPAM messages.
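As an added illustration (not code from King Phisher or its GTUBE plugin), the following Python sketch builds a test message carrying the GTUBE string and checks for it the way a content filter must, after MIME decoding. The addresses, subject line and function names are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Published GTUBE test string: 68 characters, unbroken, on a line of its own.
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"


def build_message(body_text, cte="base64"):
    """Return raw bytes of a multipart/alternative message (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"        # placeholder address
    msg["To"] = "recipient@example.com"       # placeholder address
    msg["Subject"] = "Spam filter self-test"  # placeholder subject
    msg.set_content(body_text, cte=cte)
    html = "<html><body><pre>%s</pre></body></html>" % body_text
    msg.add_alternative(html, subtype="html", cte=cte)
    return msg.as_bytes()


def contains_gtube(raw):
    """Decode every text/* part and look for GTUBE in the decoded body.

    A plain byte search over the raw message misses the string whenever the
    part uses a base64 Content-Transfer-Encoding, so the check has to run on
    the decoded content.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if GTUBE in part.get_content():
            return True
    return False


if __name__ == "__main__":
    raw = build_message("Filter self-test\n" + GTUBE + "\n")
    print("raw byte search finds GTUBE:", GTUBE.encode() in raw)
    print("decoded-part search finds GTUBE:", contains_gtube(raw))
```

Sending the resulting message through a mail gateway and confirming that it is quarantined or tagged verifies that the filter decodes and scans message bodies.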
Perhaps more useful, however, is the new Campaign Message Configuration Manager plugin. This plugin aims to address one commonly requested feature in King Phisher: the ability to keep the message configuration stored on a per-campaign basis. This allows a user to run multiple campaigns and, upon opening each campaign, have all of the settings in the message tab restored. This makes it much easier to quickly switch between campaigns without losing the configuration settings. The plugin also controls how the configuration for a new campaign is set, offering the following three options:
- Start each new campaign with an empty or blank default configuration
- Keep the settings from the last in-use campaign (what King Phisher does now)
- Start a new campaign with a pre-defined configuration
Other backend-centric changes moved away from what we’re referring to as the “legacy” table API in favor of the new GraphQL API. What this means for users is that while this release does bump the RPC version and everyone will need to upgrade their clients, the project will have more flexibility moving forward without needing to do so again. Additionally, it will allow the server to easily add fields for storage in the database. This will, by extension, make it much easier to add new metrics for tracking in the future.
King Phisher version 1.10.0 can be found under the releases page here: https://github.com/securestate/king-phisher/releases/tag/v1.10.0. Happy Phishing!