logo
logo

How to hack Wi-Fi for fun and imprisonment with crypto-mining inject

avatar
John Johannes
img

Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash.

Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in browsers.

For those interested in violating computer laws – please, don't – and those interested in computer security research projects, a developer named Arnau, based in Spain, has published a proof-of-concept walkthrough for hacking public Wi-Fi networks to inject crypto-mining code in connected browsing sessions.

CoffeeMiner is a project that allows the sort of man-in-the-middle attack that has been used by cyber thieves in Starbucks cafes and doubtless elsewhere.

The CoffeeMiner script is designed to spoof Address Resolution Protocol (ARP) messages on a local area network in order to intercept unencrypted traffic from other devices on the network.

It turn conducts a man-in-the-middle attack using software called mitmproxy to inject the following line of HTML code into non-HTTPS, or otherwise non-encrypted, webpages requested by others on the networks:When loaded, these webpages run the JavaScript and siphon CPU time to generate Monero, a cryptocurrency, using CoinHive's crypto-mining software.

collect
0
avatar
John Johannes
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.