With the Page Editor, you can fine-tune and edit all the web pages or sub pages from all scenario types. This includes:
The editor can only save html code which is compliant with W3C standard. You can always check your code with this validation service: https://validator.w3.org/. Code which is not W3C conform will not be saved by LUCY.
The html pages can be edited either in the generic template section or within a campaign. If you change them in the generic template section the changes will remain for all campaigns that use that template in the future. Therefore it might be better to make the changes of a page within a campaign. This will change only the template within that specific campaign.
Every page and script can be edited. To get started you must first select the page within the dropdown menu that you want to edit:
There are two editing modes:
If you want to switch to the source code editing mode you can use one of the two available buttons:
You can create a new page by going to actions –> new. Then give your page a name and tell LUCY what type it is (this matters: if you select a “web based” type, then the WYSIWYG editor will be missing the Trojan simulation buttons. To be on the safe side we recommend using the mixed type).
To add content to the new page you can now either:
The LUCY Customized WYSIWYG editor allows you to insert tables, forms, objects, etc. You can also right mouse click on objects in the Preview and you will see more editing options. The editor has some Special Buttons which will help you to create a phishing page within minutes.
Once the cursor appears you can click on “insert login form”. Select the login form design you want to insert and then press ok:
As soon as you did that the login form will appear inside the layer, which you can still move around or change its properties within the source code.
You can upload any file or image using the build in file manager. The file manager can be accessed within the according scenario when you edit the landing page:
You can use the upload button to upload the files or simply drag and drop one or multiple file into the browser. Depending on the file type LUCY will automatically place the files in the correct directory (images are later stored in a central image repository).
LUCY is recording ALL data send back to the landing page in a form POST request. So the form action has to look like:
But in order for LUCY to apply regular expressions in a login field the login form should use a POST method and set the login action to “?login”, you also need to set the name of the login field to “login” and the name of the password field to “password”. A valid login field on LUCY where regular expressions can be applied might look like this:
<form action="?login" class="login-form" method="post" name="login-form"> <div class="content"><input class="input username" name="login" placeholder="Username" type="text" /> <input class="input password" name="password" placeholder="Password" type="password" /> <div class="footer"><input class="button" name="submit" type="submit" value="Login" /></div> </form>
Each input field must have a name attribute to be submitted. If the name attribute is omitted, the data of that input field will not be sent at all. This example will only submit the “User Name” input field:
<form action=""> User name:<br> <input type="text" name="name" value="User"><br> Password:<br> <input type="text" value="Password"><br><br> <input type="submit" value="Submit"> </form>
The system uses 2 predefined file names for all pages that simulate some sort of a login:
Example 1 - Links on page within the “authenticated area”. If you create a index.html page where you ask the user to submit some form data to LUCY, LUCY will automatically assume the user is now “authenticated” and will write a cookie “auth=1”. On the second page (e.g. account.html) you can place a link in the code similar to this one:
<a href="mypage.html">This is a link to "mypage"</a>
All you need to do is now create a mypage.html in LUCY and save it. It does not need any special directory. It also does not need the %link% variable appended in the source code.
Example 2 - Links within the index.html page, without submitting any data: If that cookie (auth=1) does not exist, LUCY will think no authentication has been done and therefore always redirect the user back to the index page. As a result links will not work yet. You can create the following code in order for this to work (make sure you append “%link%” to the page that you want to have linked):
<body> <script>document.cookie = "auth=1";</script> <a href="%link%/page6.html">This is a link to "page6"</a> </body>
Test: Here is a live example with the links described above.
You may use the following variables in the template:
Question: How can the files in a template be changed? For example, if I used the eFax template, how can I change the pdf to one that I created?
Answer: There are different ways to change that. One option is just to double-click on the link or button that contains the link to the file and then choose the upload tab to upload your own file. In case you want to upload a trackable PDF you could also use the quick editing buttons in the editor:
Question: How can I upload a custom image in a landing page and link it to a custom designed word file that contains a macro simulation?
Use your mouse cursor to select the position in the template where you want to upload the image to (1). Click on the button “upload image or file” (2). This opens a popup menu with multiple tabs. Click on the 3rd tab “upload” and select the image which you want to upload (3). Click on “send to server” (4). After the image has been uploaded click on ok (5) to insert the image.
In case you cannot place the mouse cursor, you can also insert a layer (a). You can move the layer to the desired position and then insert the cursor where it says “insert your text” (b).
Now you need to link the image to the malware simulation. In case you use the standard malware simulations within the file template section you can click on the image, then on the link symbol in the editor and insert a link like this example: %static%/info.doc?track (for the file template “MACRO - POST ONLY”). The “?track” variable at the end of the link allows you to track the download of the file. In case you want to customize the malware simulation you first need to make a copy of the according file template (a), then click on the copied file template (b) and download the according word file ©.
Now you can re-design (d) and rename (e) the file template. Make sure that the Macro is disabled during the whole opening & editing process:
Once you are done, you can upload the customized file template back to LUCY (f) and give it a new name (g). Please save the changes once you are done.
Next go back to the landing page editor and select the image you uploaded (1). Now click on the button “link symbol” (2). Insert the link to the new malware simulation. In case the word file is called “my-doc.doc” the path must be “%static%/my_doc.doc?track” (3). Please press ok and then save the changes to your template.
Please make sure that the malware simulation dropdown item points to your new custom malware simulation (1). If you preview (2) the template and test the download button, you should then see the custom word template being downloaded if you click on your custom image.