PyCoin - Automated BitCoin Updates via SMS

There’s a lot of buzz around BitCoin right now. A lot of people frequent going to CoinBase or Google to find the price of BitCoin. I decided to make a automated script that would text you the price of BitCoin using Python. I used CoinBase API along with Twilio API to complete this task. There are ways to use python SMS without Twilio but I won’t be covering that here.

While this might not be Red Team related I feel it’s relevant in helping people with python, automation, and SMS. This same method could be used for automated texting to you if an engagement were successful. For example if a victim enters credentials to your C2, real time updating from implants, etc. You get the idea.

Requirements

We’ll need a couple things to get started. First we’ll need API keys from both CoinBase and Twilio. Go ahead and make accounts and get your API keys and from Twilio your auth-token and free phone number. We’ll also need (for ease) the Coinbase and Twilio libraries for python.

pip install twilio
pip install coinbase

Config.py

You’ll want to create a config file for your API keys, phone numbers, etc. Mine kind of looks like this

twilio_api = "my api key goes here"
twilio_auth = "my auth key goes here"
twilio_num = "+12341234"

coinbase_api = "my coinbase api key"
coinbase_token = "my coinbase token"

my_num = "+19994444"

We’ll call this in our script to ensure we are not exposing secrets.

pycoin.py

The meat of the code is the api calls. We’ll start by calling the libraries we’ll need.

import config
from twilio.rest import Client as twilio_Client
from coinbase.wallet.client import Client

Calling our config file for our secret, renaming Client as twilio_client to avoid conflict with the coinbase library Client. From here we build the CoinBase function.

def coinBase():
    client = Client(config.coinbase_auth, config.coinbase_api, api_version='2017-12-03')

    currency_code = 'USD'  # can also use EUR, CAD, etc.

    # Make the request
    price = client.get_spot_price(currency=currency_code)
    return('Current BitCoin price in %s: %s' % (currency_code, price.amount))

This is making the api request to CoinBase to pull the current price of BitCoin in USD. We’ll be calling this function inside the Twilio function next.

def twilio():

    client = twilio_Client(config.account_sid, config.auth_token)
    if price <= price.split(' ')
    message = client.messages.create(to=config.my_num, from_=config.twilio_num, body=coinBase())
    return message

Here we’re calling the Twilio API to create a message for us. Using the phone number we want the message to goto in to=config.my_num the phone number we got from Twilio from_=config.twilio_num and finally making the call to the CoinBase function to return the price of BitCoin to text as the message.

Full Source

Conclusion

Twilio can be used for a multitude of things including Red Team engagements. Automating alerting is nice to have especially when you’ve got multiple engagements going on and don’t want to waste time, or you want updates. Imagine instead of having a website as a C2 to make call outs you use SMS to alert you. Web traffic is easy to detect on these days, but nobody is detecting on other mediums like SMS. At least not yet.

comments powered by Disqus