Created
October 22, 2023 01:10
-
-
Save russeree/9c92c7963b80c518d0ec4f9aecb2d067 to your computer and use it in GitHub Desktop.
A quick and dirty script to spam secure-blockstream.com phishing site with junk seeds.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import random | |
import requests | |
import uuid | |
from multiprocessing import Process, cpu_count | |
def read_bip39_words(filename): | |
with open(filename, 'r') as file: | |
return [line.strip() for line in file] | |
def generate_seed_phrase(word_list, num_words=12): | |
return random.sample(word_list, num_words) | |
def generate_random_session_id(): | |
return str(uuid.uuid4()).replace('-', '') # Remove hyphens from the UUID | |
def send_seed_phrase(bip39_words): | |
# URL for the POST request | |
url = 'https://secure-blockstream.com/php/GSofSgo22BpzFATs.php' | |
while True: | |
# Generate a random seed phrase of 12 words | |
seed_phrase = generate_seed_phrase(bip39_words) | |
# Headers with randomized PHPSESSID cookie value | |
headers = { | |
'authority': 'secure-blockstream.com', | |
'accept': '*/*', | |
'accept-language': 'en-US,en;q=0.9', | |
'content-type': 'application/x-www-form-urlencoded; charset=UTF-8', | |
'cookie': f'PHPSESSID={generate_random_session_id()}', | |
'dnt': '1', | |
'origin': 'https://secure-blockstream.com', | |
'referer': 'https://secure-blockstream.com/green.php', | |
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"', | |
'sec-ch-ua-mobile': '?0', | |
'sec-ch-ua-platform': '"Linux"', | |
'sec-fetch-dest': 'empty', | |
'sec-fetch-mode': 'cors', | |
'sec-fetch-site': 'same-origin', | |
'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36', | |
'x-requested-with': 'XMLHttpRequest', | |
} | |
# Populate data with the generated seed phrase | |
data = { | |
'type': '12 words', | |
'word_1': seed_phrase[0], | |
'word_2': seed_phrase[1], | |
'word_3': seed_phrase[2], | |
'word_4': seed_phrase[3], | |
'word_5': seed_phrase[4], | |
'word_6': seed_phrase[5], | |
'word_7': seed_phrase[6], | |
'word_8': seed_phrase[7], | |
'word_9': seed_phrase[8], | |
'word_10': seed_phrase[9], | |
'word_11': seed_phrase[10], | |
'word_12': seed_phrase[11], | |
} | |
# Send the POST request with a timeout of 1 second | |
try: | |
response = requests.post(url, headers=headers, data=data) | |
# Print server response | |
print(response.text) | |
print(f"Sent seed phrase: {' '.join(seed_phrase)}") # Print the seed phrase after sending | |
except requests.Timeout: | |
print(f"Request timed out for seed phrase: {' '.join(seed_phrase)}") | |
except requests.RequestException as e: | |
print(f"An error occurred: {e}") | |
# Read seed words from the file | |
bip39_words = read_bip39_words("english.txt") | |
# Use number of processes equivalent to CPU cores (or a custom number if needed) | |
num_processes = 300 | |
processes = [] | |
for _ in range(num_processes): | |
p = Process(target=send_seed_phrase, args=(bip39_words,)) | |
p.start() | |
processes.append(p) | |
# Join processes to main process | |
for p in processes: | |
p.join() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment