WiFi Miner Detector

by qingxp9 @ 360PegasusTeam

Overview

A tool for detecting malicious WiFi networks that inject cryptocurrency-mining scripts.

Some weeks ago I read a news story, "Starbucks Wi-Fi Hijacked People's Laptops to Mine Cryptocurrency". The attackers injected the CoinHive JavaScript miner into HTTP responses, so I wrote this tool to detect malicious WiFi with miner scripts.

It works by analyzing unencrypted 802.11 data frames to find keywords in HTTP data, because this attack mostly occurs on public open WiFi.

Requirements

sudo apt install python-pip
pip install scapy
pip install scapy_http

You'll also need a WiFi card that supports monitor mode. You can check by running iw list and looking for output like:

	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
		 * mesh point

I tested on a TP-Link TL-WN722N (Atheros AR9271 chipset), and it works well.

Usage

sudo python wifi_miner_detector.py wlan0

demo

Currently it can only detect CoinHive_Miner, but you can add any rules in HTTPHandler to extend it. Just open a pull request if you have any ideas.
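The keyword-rule approach described above, as an added example in Python 3 (not the project's own HTTPHandler code): it applies a rule table to raw HTTP response bytes, as an unencrypted data frame would carry them, and decodes a gzip body first, since a plain keyword search would miss it. The rule pattern, the function names and the sample responses are assumptions constructed for illustration.

```python
import gzip
import re
import zlib

# Hypothetical rule table (an assumption, not the project's own rules):
# rule name -> byte pattern searched for in the decoded response body.
RULES = {
    "CoinHive_Miner": re.compile(rb"coinhive\.min\.js|CoinHive\.Anonymous", re.I),
}

def split_http_response(payload):
    """Return (headers, body) for an HTTP/1.x response, else None."""
    if not payload.startswith(b"HTTP/1."):
        return None
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers, body

def match_rules(payload):
    """Return the sorted names of all rules that match the response body."""
    parsed = split_http_response(payload)
    if parsed is None:
        return []
    headers, body = parsed
    if headers.get(b"content-encoding") == b"gzip":
        try:
            body = gzip.decompress(body)
        except (OSError, EOFError, zlib.error):
            pass  # truncated or corrupt stream: fall back to the raw bytes
    return sorted(name for name, rule in RULES.items() if rule.search(body))

# Constructed sample payloads (not captured traffic).
_PAGE = b'<html><script src="http://example.invalid/coinhive.min.js"></script></html>'
INJECTED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + _PAGE
GZIPPED = (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n"
           + gzip.compress(_PAGE))
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"

if __name__ == "__main__":
    for label, data in [("injected", INJECTED), ("gzipped", GZIPPED), ("clean", CLEAN)]:
        print(label, match_rules(data))
```

A response split across several TCP segments spans several frames, so a gzip body seen in a single frame is often truncated; the fallback to raw bytes keeps the matcher from failing on those.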
