by qingxp9 @ 360PegasusTeam
A tool for detecting malicious WiFi networks that inject cryptocurrency-mining scripts.
Some weeks ago I read a news story, "Starbucks Wi-Fi Hijacked People's Laptops to Mine Cryptocurrency". The attackers injected the CoinHive JavaScript miner into HTTP responses, so I wrote this tool to detect malicious WiFi with miner scripts.
It works by analyzing unencrypted 802.11 data frames to find keywords in HTTP data, because this attack mainly occurs on public open WiFi.
sudo apt install python-pip
pip install scapy
pip install scapy_http
You'll also need a WiFi card that supports monitor mode. You can check by running: iw list. The output should include something like:
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
I tested on a TP-Link TL-WN722N (Atheros AR9271 chipset), and it works well.
sudo python wifi_miner_detector.py wlan0
Currently it only detects CoinHive_Miner, but you can add rules in HTTPHandler to extend it. Just open a pull request if you have any ideas.
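The sketch below is an added example, not this project's code. It shows the detection idea in plain Python without scapy: pull the TCP payload out of an unencrypted 802.11 data frame and match it against a rule table. It assumes the radiotap header has already been stripped; the function names, the rule patterns and the sample frame are constructed for illustration.

```python
import re
import struct

# Assumed signatures (not the project's own rules): the CoinHive loader
# file name and the miner constructor call seen in injected pages.
RULES = {
    "CoinHive_Miner": re.compile(rb"coinhive(\.min)?\.js|CoinHive\.(Anonymous|User)\s*\(", re.I),
}
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header, EtherType IPv4

def http_payload(frame):
    """Return the TCP payload of an unencrypted 802.11 data frame, else None."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    if ((fc >> 2) & 0x3) != 2:        # type 2 = data frame
        return None
    if flags & 0x40:                  # Protected bit set: body is encrypted
        return None
    hdr = 24
    if (flags & 0x03) == 0x03:        # ToDS+FromDS: a fourth address follows
        hdr += 6
    if (fc >> 4) & 0x8:               # QoS subtypes carry a 2-byte QoS field
        hdr += 2
    if frame[hdr:hdr + 8] != LLC_SNAP_IPV4:
        return None
    ip = frame[hdr + 8:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:   # IPv4 carrying TCP
        return None
    tcp = ip[(ip[0] & 0x0F) * 4:]     # skip the IP header (IHL in 32-bit words)
    if len(tcp) < 20:
        return None
    return tcp[(tcp[12] >> 4) * 4:]   # skip the TCP header (data offset)

def match_rules(frame):
    """Names of the rules whose pattern appears in the frame's HTTP data."""
    data = http_payload(frame)
    if not data:
        return []
    return sorted(name for name, rx in RULES.items() if rx.search(data))

def build_frame(body, protected=False):
    """Constructed sample: AP-to-station data frame wrapping an HTTP response."""
    dot11 = bytes([0x08, 0x02 | (0x40 if protected else 0)]) + bytes(22)
    payload = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return dot11 + LLC_SNAP_IPV4 + ip + tcp + payload
```

Keyword matching on raw payload bytes only sees what is sent in the clear: frames with the Protected bit set, HTTPS traffic and compressed response bodies will not match. A script tag split across two TCP segments can also be missed without stream reassembly.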