为啥呢?看看 内容:

AndyNoel 2021-11-30 17:47:21





之前打CTF的时候,发现自己在信息搜集方面有所欠缺,于是乎去学习了一番Google语法,搭配fofa,就交了几个cnvd和edu src,但是后来在学习的时候,伴随着CPU的升高,发现一段很有意思的前端代码。






The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries ——Troy Hunt

(JavaScript 供应链悖论:第三方库中的 SRI、CSP 和Trust)


<script src=""type="text/javascript"></script>


试想一下,如果可以修改该脚本并随后在网站上执行自己的任意 JavaScript,那还能发生什么呢?简单的回答 – 几乎任何事情。修改 DOM、重定向用户、加载外部内容、要求访问者安装软件、添加键盘记录器并获取任何非 HTTP 专用 cookie。

CoinHive差不多就基于这个原理,第三方库中的 SRI、CSP 和Trust,其中有人破坏了服务上的 JS 文件并注入了 Coinhive 脚本进去——包含了来自 的 .js 文件和 32 字节密钥的设置。这就是攻击者需要做的所有事情——包括 Coinhive JS,添加他们的密钥,如果他们愿意,还可以切换一些配置。就是这样,工作完成,即时加密!


* 首先得拿到网站的控制权限,植入恶意JS代码。============》这种应该就是属于直接使用coinhive的矿池了。
* 你还得有一个门罗币的钱包地址
* 在CoinHive上注册一个账号,并获得Key
* 将Key替换到JS代码之中



人们往往不喜欢广告,反正,我也是这样(至少不是那些侵犯隐私和带宽的垃圾邮件),但我也喜欢网络上的免费内容,这就是问题所在:如果内容制作者不能在网页上投放广告,那他们如何通过他们的作品获利?很自然,“利用用户的 CPU 能力将您的业务货币化”,这是 Coinhive 的作案手法。

CoinHive不完全是投放广告,而是将基于 JavaScript 的加密货币矿工放在浏览者身上。。。当访问者他们坐在那里阅读内容时,就会正在他们的机器上收获门罗币。他们为 CPU 周期付费以将钱放入门罗币地址所有人的口袋之中。


第二个问题是,由于加密货币的匿名性,每个黑客都想将 Coinhive 放在他们能够运行自己的任意 JavaScript 的任何网站上。














然后我们看看coin hive的原理:后端nodejs服务器运行连接矿池代码,前端js直接miner.start即可。

CoinHive Build Status

Mine cryptocurrencies Monero (XMR) and Electroneum (ETN) using CoinHive from node.js

New: Now you can run this miner on any stratum based pool.

New 2: Now you can mine Electroneum (ETN).

Need a proxy? check coin-hive-stratum.



npm install -g coin-hive



const CoinHive = require('coin-hive');

(async () => {
  // Create miner
  const miner = await CoinHive('ZM4gjqQ0jh0jbZ3tZDByOXAjyotDbo00'); // CoinHive's Site Key

  // Start miner
  await miner.start();

  // Listen on events
  miner.on('found', () => console.log('Found!'));
  miner.on('accepted', () => console.log('Accepted!'));
  miner.on('update', data =>
    Hashes per second: ${data.hashesPerSecond}
    Total hashes: ${data.totalHashes}
    Accepted hashes: ${data.acceptedHashes}

  // Stop miner
  setTimeout(async () => await miner.stop(), 60000);




coin-hive ZM4gjqQ0jh0jbZ3tZDByOXAjyotDbo00  ==》命令行也是可以滴!


  --username        Set a username for the miner
  --interval        Interval between updates (logs)
  --port            Port for the miner server
  --host            Host for the miner server
  --threads         Number of threads for the miner
  --throttle        The fraction of time that threads should be idle
  --proxy           Proxy socket 5/4, for example: socks5://
  --puppeteer-url   URL where puppeteer will point to, by default is miner server (host:port)
  --miner-url       URL of CoinHive's JavaScript miner, can be set to use a proxy
  --dev-fee         A donation to the developer, the default is 0.001 (0.1%)
  --pool-host       A custom stratum pool host, it must be used in combination with --pool-port
  --pool-port       A custom stratum pool port, it must be used in combination with --pool-host
  --pool-pass       A custom stratum pool password, if not provided the default one is 'x'



  • CoinHive(siteKey[, options]): Returns a promise of a Miner instance. It requires a CoinHive Site Key. The options object is optional and may contain the following properties:

    • username: Set a username for the miner. See CoinHive.User.

    • interval: Interval between update events in ms. Default is 1000.

    • port: Port for the miner server. Default is 3002.

    • host: Host for the miner server. Default is localhost.

    • threads: Number of threads. Default is navigator.hardwareConcurrency (number of CPU cores).

    • throttle: The fraction of time that threads should be idle. Default is 0.

    • proxy: Puppeteer’s proxy socket 5/4 (ie: socks5:// ==》居然支持代理!!!

    • launch: The options that will be passed to puppeteer.launch(options). See Puppeteer Docs.

    • pool: This allows you to use a different pool. It has to be an Stratum based pool. This object must contain the following properties:

      • host: The pool’s host.

      • port: The pool’s port.  ==》看到了吧,设置矿池是在服务端做的!!!

      • pass: The pool’s password. If not provided the default one is "x".

    • devFee: A donation to send to the developer. Default is 0.001 (0.1%).

  • miner.start(): Connect to the pool and start mining. Returns a promise that will resolve once the miner is started.

  • miner.stop(): Stop mining and disconnect from the pool. Returns a promise that will resolve once the miner is stopped.

  • miner.kill(): Stop mining, disconnect from the pool, shutdown the server and close the headless browser. Returns a promise that will resolve once the miner is dead.

  • miner.on(event, callback): Specify a callback for an event. The event types are:

    • update: Informs hashesPerSecond, totalHashes and acceptedHashes.

    • open: The connection to our mining pool was opened. Usually happens shortly after miner.start() was called.

    • authed: The miner successfully authed with the mining pool and the siteKey was verified. Usually happens right after open.

    • close: The connection to the pool was closed. Usually happens when miner.stop() was called.

    • error: An error occured. In case of a connection error, the miner will automatically try to reconnect to the pool.

    • job: A new mining job was received from the pool.

    • found: A hash meeting the pool’s difficulty (currently 256) was found and will be send to the pool.

    • accepted: A hash that was sent to the pool was accepted.

  • miner.rpc(methodName, argsArray): This method allows you to interact with the CoinHive miner instance. It returns a Promise that resolves the the value of the remote method that was called. The miner instance API can be found here. Here’s an example:

var miner = await CoinHive('SITE_KEY');
await miner.rpc('isRunning'); // false
await miner.start();
await miner.rpc('isRunning'); // true
await miner.rpc('getThrottle'); // 0
await miner.rpc('setThrottle', [0.5]);
await miner.rpc('getThrottle'); // 0.5


Environment Variables

All the following environment variables can be used to configure the miner from the outside:

  • COINHIVE_SITE_KEY: CoinHive’s Site Key

  • COINHIVE_USERNAME: Set a username to the miner. See CoinHive.User.

  • COINHIVE_INTERVAL: The interval on which the miner reports an update

  • COINHIVE_THREADS: Number of threads

  • COINHIVE_THROTTLE: The fraction of time that threads should be idle

  • COINHIVE_PORT: The port that will be used to launch the server, and where puppeteer will point to

  • COINHIVE_HOST: The host that will be used to launch the server, and where puppeteer will point to

  • COINHIVE_PUPPETEER_URL: In case you don’t want to point puppeteer to the local server, you can use this to make it point somewhere else where the miner is served (ie: COINHIVE_PUPPETEER_URL=

  • COINHIVE_MINER_URL: Set the CoinHive JavaScript Miner url. By defualt this is You can set this to use a CoinHive Proxy.

  • COINHIVE_PROXY: Puppeteer’s proxy socket 5/4 (ie: COINHIVE_PROXY=socks5://

  • COINHIVE_DEV_FEE: A donation to the developer, the default is 0.001 (0.1%).

  • COINHIVE_POOL_HOST: A custom stratum pool host, it must be used in combination with COINHIVE_POOL_PORT.

  • COINHIVE_POOL_PORT: A custom stratum pool port, it must be used in combination with COINHIVE_POOL_HOST.

  • COINHIVE_POOL_PASS: A custom stratum pool password, if not provided the default one is ‘x’.




Can I run this on a different pool than CoinHive’s?

Yes, you can run this on any pool based on the Stratum Mining Protocol.

const CoinHive = require('coin-hive');
(async () => {
  const miner = await CoinHive('<YOUR-MONERO-ADDRESS>', {
    pool: {
      host: '',
      port: 3333,
      pass: '<YOUR-PASSWORD-FOR-POOL>' // default 'x' if not provided
  await miner.start();
  miner.on('found', () => console.log('Found!'));
  miner.on('accepted', () => console.log('Accepted!'));
  miner.on('update', data =>
    Hashes per second: ${data.hashesPerSecond}
    Total hashes: ${data.totalHashes}
    Accepted hashes: ${data.acceptedHashes}

Now your CoinHive miner would be mining on pool, using your monero address.

You can also do this using the CLI:

coin-hive <YOUR-MONERO-ADDRESS> --pool-port=3333 --pool-pass=<YOUR-PASSWORD-FOR-POOL>


Can I mine other cryptocurrency than Monero (XMR)?

Yes, you can also mine Electroneum (ETN), you can actually mine on any pool based on the Stratum Mining Protocol and any coin based on CryptoNight.

You can go get you ETN wallet from if you don’t have one.

const CoinHive = require('coin-hive');
const miner = await CoinHive('<YOUR-ELECTRONEUM-ADDRESS>', {
  pool: {
    host: '',
    port: 3333

Now your CoinHive miner would be mining on pool, using your electroneum address.

You can also do this using the CLI:

coin-hive <YOUR-ELECTRONEUM-ADDRESS> --pool-port=3333

One of the features of Electroneum is that it has a difficulty of 100, while CoinHive’s is 256.


Can I run this on Heroku?

No, it violates the TOS.

Also, since Puppeteer requires some additional dependencies that aren’t included on the Linux box that Heroku spins up for you, you need to go to your app’s Settings > Buildpacks first and add this url:

On the next deploy, your app will also install the dependencies that Puppeteer needs to run.


Can I run this on Docker?

You’ll need to install the latest version of Chrome and Puppeteer’s dependencies in your Dockerfile:

FROM node:8-slim

# Install latest chrome and puppeteer dependencies
RUN wget -q -O - | apt-key add - &&\
sh -c 'echo "deb stable main" >> /etc/apt/sources.list.d/google-chrome.list' &&\
apt-get update &&\
apt-get install -y google-chrome-unstable gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget

# Install coin-hive
RUN npm i -g coin-hive --unsafe-perm=true --allow-root

# Run coin-hive
CMD coin-hive <site-key>


Which version of Node.js do I need?

Node v8+




I’m having errors on Ubuntu/Debian

Install these dependencies:

sudo apt-get -y install gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget libxext6


I’m getting an Error: EACCES: permission denied when installing the package

Try installing the package using this:

sudo npm i -g coin-hive --unsafe-perm=true --allow-root


An error occured Failed to launch chrome!

Try changing chromium’s executable path to /usr/bin/chromium-browser, like this:

const miner = await CoinHive('site-key', {
  launch: {
    executablePath: '/usr/bin/chromium-browser',
    args: ['--disable-setuid-sandbox', '--no-sandbox']

For more info check issue #54



This project is not endorsed by or affiliated with in any way.



This project is pre-configured for a 0.1% donation. This can be easily toggled off programatically, from the CLI, or via environment variables. If you do so, but you still want to show your support, you can buy me a beer with magic internet money:

BTC: 16ePagGBbHfm2d6esjMXcUBTNgqpnLWNeK
ETH: 0xa423bfe9db2dc125dd3b56f215e09658491cc556
XMR: 46WNbmwXpYxiBpkbHjAgjC65cyzAxtaaBQjcGpAZquhBKw2r8NtPQniEgMJcwFMCZzSBrEJtmPsTR54MoGBDbjTi2W1XmgM


版权声明:本文为将者,智、信、仁、勇、严也。原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。