Enable SMTP Delay / Disable Sidekiq

Open 0xdeadbeefJERKY opened this issue 8 years ago • 14 comments

As mentioned in the note for the SMTP Delay option, no delay is applied when Sidekiq is enabled and in use. Rather, the delay is applied to batches of emails being sent. Unfortunately, this is very problematic when sending hundreds of phishing emails for a single campaign. What is the fix or workflow for disabling Sidekiq and enabling the SMTP Delay on a PER EMAIL basis?

0xdeadbeefJERKY, Jul 15 '16 17:07

You are correct, Sidekiq does not listen to the SMTP Delay option. There are a couple things you can do to address this. Disabled Sending Emails in the Foreground, you can find this option in the Global Settings. Enable the SMTP sending delay that you would like.

If you'd like to chunk it up into smaller batches there is a guide on the website which illustrates how you can send batches in a phased approach. Basically add targets, send to targets, remove those targets, add the new batch of targets, send and repeat.

zeknox, Jul 15 '16 17:07

If I check the Disabled Sending Emails in the Foreground option in Global Settings and then enable the SMTP Delay option, will that delay occur every time one email is sent or only between batches of emails that are sent? I need to ensure that a delay occurs after each email is sent to avoid triggering email filters or IDS/IPS. I also cannot add/remove targets one at a time and then run the campaign because my target list is 500+ emails (not very feasible).

0xdeadbeefJERKY, Jul 15 '16 17:07

You must not have read the docs because no one said anything about deleting a target individually. I've used the approach described in the docs to send campaigns of many thousands grouping the batches into 500, 1000 size with no issues.

Not sure off hand if it's each email or each batch, the source line is here: https://github.com/pentestgeek/phishing-frenzy/blob/master/app/mailers/phishing_frenzy_mailer.rb#L73

zeknox, Jul 15 '16 17:07

I've read the documentation multiple times. I was referring to your recommendation here:

"Basically add targets, send to targets, remove those targets, add the new batch of targets, send and repeat."

Also, I was not saying that sending batches of hundreds or thousands of emails was an issue. The emails will send just fine, but if the TARGETS are sitting behind any decent email filtering solution or IDS/IPS, most of those emails will not be delivered to the victims' inboxes.

The reason I would like to confirm a way to execute an SMTP delay between each single email is to avoid triggering these security mechanisms.

0xdeadbeefJERKY, Jul 15 '16 17:07
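For defenders, the comment above means a per-sender rate threshold alone will not see a campaign that is deliberately spaced out. The following is an added example, not code from this thread or from Phishing Frenzy: it runs a burst rule and a recipient fan-out rule over a constructed gateway log, and the log format, addresses and thresholds are all assumptions.

```ruby
require 'time'

# Constructed mail-gateway log (format and addresses are made up for this example):
# 12 messages from one sender, same subject, one every 5 minutes, plus one unrelated mail.
SAMPLE_LOG = (0...12).map do |i|
  at = (Time.utc(2016, 7, 15, 9, 0, 0) + i * 300).iso8601
  %(#{at} from=hr@payroll-update.example to=user#{i}@corp.example subject="Action required: benefits")
end + ['2016-07-15T09:02:10Z from=alice@partner.example to=bob@corp.example subject="Lunch"']

LINE = /\A(\S+) from=(\S+) to=(\S+) subject="(.*)"\z/

def parse(lines)
  lines.map do |line|
    m = LINE.match(line)
    next unless m
    { at: Time.iso8601(m[1]), from: m[2].downcase, to: m[3].downcase, subject: m[4].strip.downcase }
  end.compact
end

# Rate rule: senders with more than `limit` messages inside any `window` seconds.
def burst_senders(events, window: 60, limit: 5)
  events.group_by { |e| e[:from] }.select do |_, evs|
    times = evs.map { |e| e[:at] }.sort
    times.each_index.any? do |i|
      times[i..-1].take_while { |t| t - times[i] < window }.size > limit
    end
  end.keys
end

# Fan-out rule: one sender + subject reaching `min_recipients` distinct
# recipients within a long window, however far apart the messages are.
def fanout_campaigns(events, window: 4 * 3600, min_recipients: 10)
  events.group_by { |e| [e[:from], e[:subject]] }.select do |_, evs|
    evs = evs.sort_by { |e| e[:at] }
    evs.each_index.any? do |i|
      in_window = evs[i..-1].take_while { |e| e[:at] - evs[i][:at] <= window }
      in_window.map { |e| e[:to] }.uniq.size >= min_recipients
    end
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  events = parse(SAMPLE_LOG)
  puts "rate rule:    #{burst_senders(events).inspect}"
  puts "fan-out rule: #{fanout_campaigns(events).inspect}"
end
```

On the constructed log the rate rule returns nothing, while the fan-out rule returns the sender and subject that reached twelve distinct recipients within the hour.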

This is the documentation I was referring to which should address your phased sending approach: https://www.phishingfrenzy.com/resources/getting_started#phased_send

Like I said, the SMTP Delay I don't know off hand if that is per email or per batch. It was a pull request that I accepted.

You certainly could do a simple test campaign with 2 email addresses to test the delay piece.

zeknox, Jul 15 '16 17:07

The sleep(@campaign.campaign_settings.smtp_delay) is in phishing_frenzy_mailer.

Sidekiq calls that via the mail workers so some sleeping a bit before delivering the mail, but I assume it is doing ~25 jobs at a time, and not introducing a specific delay between them, after the first 25 it may start to be more noticeable?

It would be better to get the delay in https://github.com/pentestgeek/phishing-frenzy/blob/master/app/controllers/email_controller.rb, and pass this value to the QueueMailWorker and PhishingFrenzyMailer as an argument.

The sleep could go above https://github.com/pentestgeek/phishing-frenzy/blob/master/app/workers/queue_mail_worker.rb#L16

Meatballs1, Jul 15 '16 21:07

I have another question on this topic. I am using the delay feature successfully with Sidekiq workers and background email enabled. So that works fine.

My question: Sometimes I want to send-out two different campaigns at the same time, and have them both using delayed sending to deliver the emails in a timespan of 2 hours, for example. The issue is that the first campaign blasts need to finish before the 2nd blast will start. I believe this is normal behavior of the current code, given the fact that a blast is put in the 'default' sidekiq Q.

What would be the easiest approach to have 2 blasts being sent out in delayed mode but in true parallel fashion in their own Q, with their own workers?

RESP-hub, Sep 06 '16 08:09

This is the documentation I was referring to which should address your phased sending approach: https://www.phishingfrenzy.com/resources/getting_started#phased_send

Like I said, the SMTP Delay I don't know off hand if that is per email or per batch. It was a pull request that I accepted.

You certainly could do a simple test campaign with 2 email addresses to test the delay piece.

I just tried to remove the targets from the campaign page, and it also removed the results from the report. Is this something that anyone else has tried to do and had the same problem?

TheRapture, Nov 15 '16 19:11

You likely did not click the “Delete all” button which was stated in the documentation, but rather you likely clicked "Clear Stats" from the reports page. They do much different things...

zeknox, Nov 15 '16 19:11

Holy crap you are a quick responder dude I will give that a try

TheRapture, Nov 15 '16 19:11

I actually went to the campaign page and clicked the number like you said, but the thing I didn't do was click "delete all" I just clicked the "x" next to an entry and it removed that target from the report as well. I tried "delete all" this time and it worked great. Thanks for the smokin' quick response. I have worked with PF before and I love it. The only big issue I have had thus far is getting it all set up. I spent ~7 hours on Skype with a friend setting it up on Saturday, and we ended up using Docker and modifying the Dockerfile that b00stfr3ak made to get it working.

TheRapture, Nov 15 '16 19:11

You're correct, the X on the targets page will actually delete the target from the campaign. The "Delete All" will actually toggle the disabled attribute to true but still leave the target for that campaign for stats purposes.

Not Ideal I know, but much bigger fish to fry currently! Hopefully more good things to come.

zeknox, Nov 15 '16 19:11

I certainly appreciate your dedication to this project. I watched your derbycon talk forever ago and am excited to continue using this program. This program is great. Keep up the great work man.

TheRapture, Nov 15 '16 19:11

On a side note, I am getting ready to launch a >15,000 email campaign. I'll be using the method above instead of trying to throttle sidekiq. Wish me luck.

TheRapture, Nov 15 '16 20:11