Skip to main content

Editing the Landing Page

Editing the credential-harvesting page

Before launching a campaign, you may need to modify a scenario. You must first complete the scenario details, then edit the phishing email, and finally customize the landing page.

  • Click Duplicate on a scenario from the scenario library to open it for editing.

  • Click Continue twice to pass the Details and Email Editing steps.

Landing page editor showing a 1Password-style form, configuration fields, and an HTML editing panel.

1 – Objectives

  • Customize the credential-harvesting page used in a scenario

  • Adjust general information (name, URL, language, redirect…)

  • Edit the content and insert dynamic tokens

  • Preview or edit the HTML code for full control

2 – Prerequisites

  • Admin permissions to modify a scenario

  • A duplicated scenario from the scenario library

3 – Select a landing page

3.1 – Choose a starting landing page

In the list of available landing pages, click Select Landing on the desired card

Landing page card with the Select Landing button highlighted.

Once selected, the step is automatically marked as completed.

Confirmation showing the selected landing page displayed as “Selected” in the scenario configuration.

4 – Edit the landing page general settings

4.1 – Open the editor

  • Click Duplicate on the landing page card

Action menu showing the Duplicate option for a landing page.

  • A panel opens from the right: this is the landing page editor.

4.2 – Editable fields

You can edit:

  • Landing page name

  • Page title

  • Page URL

  • Redirect URL

  • Language

  • Threat type

  • Domain used in the URL

Landing page editor showing the 1Password-style form with configuration fields and HTML editing area.

5 – Edit the landing page content

5.1 – Use the visual editor

From the toolbar, you can:

  • Edit or add text

  • Adjust fonts, formatting, and structure

    Formatting toolbar inside the landing page editor, showing styles, fonts, sizes, and advanced options.

  • Insert dynamic information via tokens

    Open Token menu listing dynamic fields such as Organization’s Name and Organization’s Logo.

5.2 – Use dynamic tokens

The following tokens automatically insert information related to the target or the organization:

Token

Example

Description

{{ target.firstname }}

John

Employee’s first name

{{ target.lastname }}

Doe

Employee’s last name

{{ target.email }}

[email protected]

Employee’s email

{{ organization.name }}

Arsen

Organization name

{{ toImage(organization.logo.url) }}

<img…>

Logo

{{ toImage(organization.logo.url, { heigth:100, width:100 }) }}

<img…>

Resized logo

{{ organization.logo.url }}

URL

Logo URL

{{ formatDate(now, 'short') }}

04/10/2022

Short date

{{ formatDate(now, 'medium') }}

04 Oct. 2022

Medium date

{{ formatDate(now, 'long') }}

Friday, October 14, 2022

Long date

{{ formatDate(now, 'time') }}

14:56

Time

5.3 – Edit the HTML code

  • Click <> to open the full HTML source

  • For advanced editing, copy/paste the code into an external editor

Source Code window showing the complete HTML of the landing page for advanced editing.

5.4 - Best practices for a custom landing page

Note: basic HTML knowledge is required to create a landing page from scratch. To reduce errors, we recommend starting from an existing template, duplicating it, and then only adapting the necessary text, fields, and styling.

For a custom landing page to work properly in a scenario, the fields you want to submit must be included inside an HTML form (<form>), with a submit button of type submit placed inside the form. For example, our provided templates use a structure containing a form, input fields, and then a <button type="submit"> button to trigger the page submission.

When the user submits the form, password fields (<input type="password">) can be present to reproduce a realistic experience, but Arsen does not collect them under any circumstances.

Here is an example of a minimal functional page for your tests:

<!DOCTYPE html>
<html lang="{{ lang }}">
  <head>
    <meta charset="utf-8" />
    <title>Login</title>
  </head>
  <body>
    <main>
      <h1>Log in to your account</h1>

      <form method="post" action="#">
        <label for="email">Email address</label>
        <input
          id="email"
          name="email"
          type="email"
          required
          placeholder="[email protected]"
        />

        <label for="password">Password</label>
        <input
          id="password"
          name="password"
          type="password"
          required
          placeholder="Password"
        />

        <button type="submit">Log in</button>
      </form>
    </main>
  </body>
</html>

Click the 👁️ icon to preview the landing page before validating it.

Example of a Google login page:

Real-time preview of a customized Google-style landing page including password field and dynamic email token.

6 – Configure a Click-Only scenario

6.1 – Enable Click-Only mode

Click the Click Only panel to activate this mode

Click-Only configuration panel showing a Redirect URL field with an error indicating the URL must start with http:// or <a href="https://" target="_blank" rel="nofollow noopener noreferrer">https://</a>.

6.2 – Set the redirect URL

  • Choose the URL employees will be redirected to after clicking the link

In this mode:

  • The credential-harvesting page is disabled

  • Only the click is measured

Related Articles
Editing a Smishing Scenario
Scenarios Library
Customizing a Phishing Scenario
Editing a Phishing Email
Editing a Vishing Scenario and AI Call Settings
Did this answer your question?