
SANS ISC: Retrieving and processing JSON data (BTC example) SANS ISC InfoSec Forums


This week, several handlers started watching Bitcoin transactions, after Johannes received a new type of sextortion email and I reported on the profitability of such emails.

Rick Wanner came up with the following blockchain.info API call to retrieve data for Bitcoin addresses we want to monitor:

https://blockchain.info/multiaddr?active=...

The addresses we want to monitor, together with their properties, appear in the JSON data.

To extract just the data we want (address and balance), I use jq, a command-line JSON processor:

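# final_balance is reported in satoshi; dividing by 100000000 converts it to BTC.
# The URL is quoted so the shell does not interpret the ? character.
curl -s "https://blockchain.info/multiaddr?active=1BDmpLvmt2atwR2hLqvYfacEhR9hWwimfB%7C1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72" | jq -r ".addresses | .[] | [.address,.final_balance/100000000] | @csv"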

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Jul 14th 2018
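
The jq filter above, redone in Python as an added example (not code from the original diary): it parses a multiaddr-style response, emits the same address/BTC CSV with exact decimal arithmetic, and reports which monitored balances changed between two polls. The two responses are constructed samples with made-up balances, and the function names are hypothetical.

```python
import json
from decimal import Decimal

SATOSHI_PER_BTC = Decimal(100_000_000)

# Constructed samples shaped like the .addresses array the jq filter reads.
# The balances are made up for illustration.
POLL_1 = '''{"addresses": [
  {"address": "1BDmpLvmt2atwR2hLqvYfacEhR9hWwimfB", "final_balance": 0},
  {"address": "1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72", "final_balance": 12345678}
]}'''
POLL_2 = '''{"addresses": [
  {"address": "1BDmpLvmt2atwR2hLqvYfacEhR9hWwimfB", "final_balance": 25000000},
  {"address": "1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72", "final_balance": 12345678}
]}'''


def balances(response_text):
    """Return {address: balance in satoshi} from a multiaddr-style response."""
    result = {}
    for entry in json.loads(response_text).get("addresses", []):
        address, satoshi = entry.get("address"), entry.get("final_balance")
        # Skip malformed entries instead of failing the whole poll.
        if isinstance(address, str) and type(satoshi) is int:
            result[address] = satoshi
    return result


def to_csv(bal):
    """Same columns as the jq filter: quoted address, balance in BTC."""
    lines = []
    for address, satoshi in bal.items():
        btc = Decimal(satoshi) / SATOSHI_PER_BTC
        # format(..., "f") avoids scientific notation for tiny balances.
        lines.append('"%s",%s' % (address.replace('"', '""'), format(btc, "f")))
    return "\n".join(lines) + "\n"


def changed(previous, current):
    """Return {address: delta in satoshi} for balances that moved."""
    return {a: s - previous.get(a, 0)
            for a, s in current.items() if s != previous.get(a, 0)}


if __name__ == "__main__":
    first, second = balances(POLL_1), balances(POLL_2)
    print(to_csv(second), end="")
    for address, delta in changed(first, second).items():
        print("balance change:", address, format(Decimal(delta) / SATOSHI_PER_BTC, "f"), "BTC")
```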
