This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

Python 83.58% C 16.42%

whatsapp burpsuite-extender protocol-buffers hacking-tool

burpextension-whatsapp-decryption-checkpoint's Introduction

WhatsApp Protocol Decryption Burp Tool

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol.

Here is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

The Extension:

Read my book to learn more about web hacking https://www.amazon.com/dp/1096435497

Made By:

Dikla Barda

Linkedin - https://www.linkedin.com/in/diklabarda/

Roman Zaikin

Linkedin - https://www.linkedin.com/in/romanzaikin/

Twitter - https://twitter.com/R0m4nZ41k1n

Dependencies:

* Windows Only(step 3 and 4)

Download Python 2.7 at https://www.python.org/downloads/release/python-2715/
Download pip at https://pip.pypa.io/en/stable/installing/
Download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266
Copy stdint.h to C:\Users\Administrator\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\VC\include
Execute the command pip install -r requirements.txt
- On Linux/Mac use python2 -m pip install -r requirements.txt

About the extension

This extension allow you to view and manipulate the actual data that sent via whatsapp.

Open chrome developer tool and break on keyPair: t, (line 3311) and wait until the keys will appear (5 minutes or so).
Run the decoder server which is parser.py (in helper dir).
Install burpWhatsapp.py to your burp suite extensions.
Break get the keys from step 1.
get the secret parameter from the websocket in burp websocket history.

Functionality

Decrypt incoming data, you have to paste the data as base64 to the extension ctrl+b
Encrypt incoming data, after you decrypt the data you can encrypt and put it back to burp by copy pase the base64 and ctrl+shift+b
Decrypt outgoing data, to decrypt outgoing data you have to take it from AesCbcEncrypt function in list format.
Encrypt outgoing data, after the extension encrypt the data back you have to put it back via the console.

you can use the following helper function to do that:

function str2unit8(str) {
  var buf = new ArrayBuffer(str.length);
  var bufView = new Uint8Array(buf);
  
  for (var i=0, strLen=str.length; i < strLen; i++) {
    bufView[i] = str[i];
  }
  return buf;
}

TO-DO

The extension currently can decrypt and encrypt only the message related functionality, in order to add more function you have to map the protobuf and add it to our protobuf file.

burpextension-whatsapp-decryption-checkpoint's People

Contributors

Stargazers

Watchers

Forkers

dbzdivik techlord-rce apinter hexadite-lior gavz miguelraulb m00zh33 zeeshansultan johnofsaints star-it naveen12 edvacco garethwright captainbarber99 shinmccold vicsanjinez cehfida cclauss kxp n0thing2speak slowmistio hacksparrow vip3r011 wzor heruix neomatrixcode ajrulez dcmjid mzakyz666 d-demirci fb11 idandagan1 jdiazmx anonshadow sucof mjpradeepraj hapazores ndasjowo jithendra14 jatabares moltivie crackercat diklata myndtt mrfork91 cwaazywabbit parampaa fingerleakers andrekorol taskiller mrmugiwara cryptekshots primekun saadmahboob arb1993 dannymas chillspike-zz erez-il theneptunez nmhai rodac5 magma2 sheeraz-hacks-production killvxk jasonthename rotemreiss aydgelee luorui110120 ossiemarks reedip turlet oip-prd maxwellsun ashr spankders johndoex1 cyberbuck attackgithub tajpop3 kevinmel2000 ninetyninezero hello-xbugs kidstell pcm211 jongoldman7 freeguy1 jakofff cftong kubikrubit hacky1997 ajgappmark h1t35h xxksaxx ampersanded loki-jarvis shaunstanislauslau hhy5277 waseembugti linuer masbog

burpextension-whatsapp-decryption-checkpoint's Issues

Error loading extenstion

After following all steps, when trying to load "burpWhatsapp.py" in burp I get an error:

`Traceback (most recent call last):
File "C:\Python27\Lib\site.py", line 539, in
main()
File "C:\Python27\Lib\site.py", line 521, in main
known_paths = addusersitepackages(known_paths)
File "C:\Python27\Lib\site.py", line 266, in addusersitepackages
user_site = getusersitepackages()
File "C:\Python27\Lib\site.py", line 241, in getusersitepackages
user_base = getuserbase() # this will also set USER_BASE
File "C:\Python27\Lib\site.py", line 231, in getuserbase
USER_BASE = get_config_var('userbase')
File "C:\Python27\Lib\sysconfig.py", line 525, in get_config_var
return get_config_vars().get(name)
File "C:\Python27\Lib\sysconfig.py", line 475, in get_config_vars
_init_non_posix(_CONFIG_VARS)
File "C:\Python27\Lib\sysconfig.py", line 373, in _init_non_posix
vars['BINDIR'] = os.path.dirname(_safe_realpath(sys.executable))
File "C:\Python27\Lib\sysconfig.py", line 99, in _safe_realpath
return realpath(path)
File "C:\Python27\Lib\sysconfig.py", line 99, in _safe_realpath
return realpath(path)
File "C:\Python27\Lib\ntpath.py", line 474, in abspath
if not isabs(path):
File "C:\Python27\Lib\ntpath.py", line 58, in isabs
s = splitdrive(s)[1]
File "C:\Python27\Lib\ntpath.py", line 115, in splitdrive
if len(p) > 1:
TypeError: object of type 'NoneType' has no len()

at org.python.core.Py.TypeError(Py.java:259)
at org.python.core.PyObject.__len__(PyObject.java:650)
at org.python.core.__builtin__.len(__builtin__.java:729)
at org.python.core.BuiltinFunctions.__call__(__builtin__.java:64)
at org.python.core.PyObject.__call__(PyObject.java:465)
at ntpath$py.splitdrive$4(C:\Python27\Lib\ntpath.py:135)
at ntpath$py.call_function(C:\Python27\Lib\ntpath.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at ntpath$py.isabs$2(C:\Python27\Lib\ntpath.py:59)
at ntpath$py.call_function(C:\Python27\Lib\ntpath.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at ntpath$py.abspath$18(C:\Python27\Lib\ntpath.py:480)
at ntpath$py.call_function(C:\Python27\Lib\ntpath.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at sysconfig$py._safe_realpath$1(C:\Python27\Lib\sysconfig.py:101)
at sysconfig$py.call_function(C:\Python27\Lib\sysconfig.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at sysconfig$py._init_non_posix$13(C:\Python27\Lib\sysconfig.py:373)
at sysconfig$py.call_function(C:\Python27\Lib\sysconfig.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at sysconfig$py.get_config_vars$20(C:\Python27\Lib\sysconfig.py:517)
at sysconfig$py.call_function(C:\Python27\Lib\sysconfig.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:118)
at org.python.core.PyFunction.__call__(PyFunction.java:403)
at sysconfig$py.get_config_var$21(C:\Python27\Lib\sysconfig.py:525)
at sysconfig$py.call_function(C:\Python27\Lib\sysconfig.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at site$py.getuserbase$8(C:\Python27\Lib\site.py:232)
at site$py.call_function(C:\Python27\Lib\site.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:124)
at org.python.core.PyFunction.__call__(PyFunction.java:403)
at site$py.getusersitepackages$9(C:\Python27\Lib\site.py:256)
at site$py.call_function(C:\Python27\Lib\site.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:124)
at org.python.core.PyFunction.__call__(PyFunction.java:403)
at site$py.addusersitepackages$10(C:\Python27\Lib\site.py:270)
at site$py.call_function(C:\Python27\Lib\site.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:138)
at org.python.core.PyFunction.__call__(PyFunction.java:413)
at site$py.main$33(C:\Python27\Lib\site.py:537)
at site$py.call_function(C:\Python27\Lib\site.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:124)
at org.python.core.PyFunction.__call__(PyFunction.java:403)
at site$py.f$0(C:\Python27\Lib\site.py:591)
at site$py.call_function(C:\Python27\Lib\site.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.imp.createFromCode(imp.java:436)
at org.python.core.imp.createFromPyClass(imp.java:236)
at org.python.core.imp.createFromPyClass(imp.java:205)
at org.python.core.imp.loadFromSource(imp.java:651)
at org.python.core.imp.find_module(imp.java:543)
at org.python.core.imp.import_next(imp.java:840)
at org.python.core.imp.import_first(imp.java:861)
at org.python.core.imp.load(imp.java:716)
at org.python.core.Py.importSiteIfSelected(Py.java:1558)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:116)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:94)
at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:71)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at burp.owb.<init>(Unknown Source)
at burp.s5c.a(Unknown Source)
at burp.zfb.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

How can I fix this?

Problem with outgoing message

I'm trying to set the outgoing message by modifying the ‘a’ parameter in the browser with this function

var f = function str2unit8(str) {
  var buf = new ArrayBuffer(str.length);
  var bufView = new Uint8Array(buf);
  
  for (var i=0, strLen=str.length; i < strLen; i++) {
    bufView[i] = str[i];
  }
  return buf;
};

How do I modify the parameter. Like:

a = f("[ ... ]");
or
a = f([ ... ]);

And it's necessary to change anything else from this code besides fromMe to false?

["action", {"epoch": "293", "type": "relay"}, [{"message": {"conversation": "d"}, "messageTimestamp": "number", "key": {"fromMe": true, "remoteJid": "[email protected]", "id": "number"}, "status": "PENDING"}]]

burpWhatsapp.py how do I execute

I CAN NOT understand this part of the manual, where do I put the burpWhatsapp.py? And then how do I execute?

Second you have to add the file burpWhatsapp.py to your burpsuit extensions.

obs: Do you have a telegram group or something like that?

Upgrade from Python 2.7 to Python 3.7?

flake8 testing of https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint on Python 3.7.0

$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics

./burpWhatsapp.py:186:36: E999 SyntaxError: invalid syntax
                    print serverData
                                   ^
./helper/parser.py:169:34: E999 SyntaxError: invalid syntax
        print "ENCRYPTED DIFF: {}".format(char_diff)
                                 ^
./helper/libs/whatsapp_write.py:178:21: E999 SyntaxError: invalid syntax
            print int(value, 16)
                    ^
3     E999 SyntaxError: invalid syntax
3

Problem: "Bad message"

Hi! When I wanted to decrypt message, I got this information :" Bad message, can't decrypt the incoming message." And I'm sure that the private key and public key and ref were correct. So I have no idea where is the issue.

Can some people help me?? @romanzaikin

And I already try several times. It still doesn't work. Here are details:
ref: {"ref":"1@fmw/dw6TcLIThMjjG/Evzd11yOcqRjU821ci8Ko+m1y1gHpAqDJ+k2xk","wid":"***********[email protected]","connected":true,"isResponse":"false","serverToken":"1@e5hswShfPfSKo6SeNCcVdJ44M1vlVMw3CkmBs+uadAGOb7oZAMAnlPMVl3x1n2cyn7dpSettMvJL/w==","browserToken":"1@zzZoKQj0hg/WwT/I/HYSxj/hgNXIR4eeP8fu+c+y/oItpzsrQKzeU0NKu01wRY8i48r8TiUBZz7kxqAJOh8zKn9KUyZt3Zm57jSRKa4YqBGWbA+M0TztsrGaFc5aEnRz6BrXUhAVrArcbjyxe6PAMw==","clientToken":"UW6FqwWt/779bcfVMauUEZ6V74KBsUx3eBJTIrygMHBIKncYNU5Slza0GjrwObWQwkQVhV0oKnqOmm27OWiwsA==","lc":"CN","lg":"zh","secret":"GPilAuRdetgPixBhJNN42Fouj3lDFhuL2QvlcGp800jf5J7RXPK00GYfJOpV5vOVaLOYGhsXL9YVqdGVgicV9ITv3Uy3I6iMauF0ixcwt3qV0AwhyFIIB6Bo7Kp0ZSk6iWCBbDC+aAbIwTJSczprwW56WCiQ61hvVC84ew2snazn2wQPW1ZxGFMTR61owmY6","protoVersion":[0,17],"binVersion":10,"battery":74,"plugged":false,"platform":"iphone","features":{"KEY_PARTICIPANT":true,"FLAGS":"EAEYASACKAIwAjgBQAFIAVgCYAF4AoABAogBAg=="},"phone":{"wa_version":"2.18.102","mcc":"460","mnc":"001","os_version":"12.1.2","device_manufacturer":"Apple","device_model":"iPhone 6s","os_build_number":"undefined"},"pushname":"Giant","tos":0}
priKey:
[140, 175, 120, 170, 163, 195, 128, 156, 29, 63, 241, 172, 97, 142, 249, 118, 50, 246, 186, 125, 179, 147, 102, 211, 53, 111, 229, 250, 144, 116, 13, 44]
pubKey:
[248, 172, 165, 193, 168, 46, 193, 66, 162, 197, 189, 212, 233, 92, 169, 11, 46, 57, 108, 228, 85, 248, 50, 198, 182, 196, 105, 204, 14, 169, 174, 87]

And converse incoming message in Base64.

pip install -r requirements.txt fail and don't compile

The command exposed fails with the errors:

Failed building wheel for curve25519-donna
Failed building wheel for pycrypto

the two above errors return the message:

UnicodeDecodeError: 'ascii' codec can't decode byte 0xed in position 22: ordinal not in range(128)

what I've done wrong?

Environment: Windows 10

Is it Patched? Cant find keys tho im at the correct place

I cannot find the keys, i've done everything correct, also burp installed everything fine.. i cant find the keys... is this Patched?

/private/var/root/Desktop/Screen Shot 2019-11-18 at 9.37.09 PM.png

Import error

No module named burp

Cant get whatsapp web qr code when burp is listening.

Hi!

I am trying to get the websocket from burp by scanning the qr code on whatssap web but when I set burp to listen to the browser the qr code doesnt load. I have tried this on chrome and firefox. If anyone could help me that would be great.

Thank you
Nyle

Encrypting outgoing message

I can encrypt an outgoing message without any problem, but when I try to decrypt it again, it says "Can't encrypt the outgoing message, something wrong with the data", even when I didn't change anything.

How could I fix this?

EDIT: In the parser.py I get the following error:
connection received from client ('127.0.0.1', 54132) CHARACTERS LENGTH BEFORE FIX: 1 'tuple' object has no attribute 'append'

PubKey-PrivKey-Secret-RefObject

Hi All,

I'm trying to understand the difference between the 4 attributes: private Key, public key, ref object and secret.

I know the private key, public key and ref object are to be place at the burp suite extension.

However, why do i need the secret (as shown in the image below)

Do I need to place the secret key somewhere within the burp suite?

Thank you.

regards,
GinNoel

Attack 2 not working

Hi,
I am not able to put back the encrypted data via console. Please tell it step by step.

Also, after encrypting the message, if I try to decrypt it again (ie: decrypt-encrypt-decrypt of outgoing message) it throws error. Why?

Please provide a reply.

Putting Encrypt Data Back Via Console - Outgoing Msg - Attack 2

Hi,

This is regarding Attack 2.

I manage to decrypt outgoing message.
Change the message, change true to False.
Encryp it back successfully.

I'm stuck on putting the encrypted data back to the console. I.e. im stuck on no 4 (please see attached image). How can I do that?

Thank you

Decryption of an outgoing reply message doesn't show the message

If I try to decrypt an outgoing reply message:

here the reply message ready to be decrypted:

here the reply message decrypted:

as you can see the message field is empty: it should not.

Problem: "Bad message, can't decript the incoming message"

I am Getting the error message in Burp, Can't decrypt message. Keys are correct and ref is also correct

all set(pubkey,prikey,ref) Connect button error please help

please look at the image , the parser.py on the left. what can you know from the errors ?

A better way to translate the json to list

On parser.py there are some TODOs where it's said that a better way to translate the json to list is needed.
Isn't it possible to just use json.loads() instead of ast.literal_eval() ?

Not able to run parse.py file

I am have this error while compiling
windows 32 bit python 3.6 anaconda

cannot decrypt message even with ref keys and base 64 encoded message.

what am i doing wrong

keys whatsapp

can you add to your ream me please how to get the keys

How to work with step 4 and 6 in Linux?

download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266

copy stdint.h to C:\Users\Administrator\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\VC\include

Error with the last command " pip install curve25519-donna "

I already copied the In the right directory, the more time I execute the last command, it comes out

Trying to figure out how to pull up the extension

I'm just at the point where I'm trying to pull up the BurpSuite Extension so I get the box with all the tabs like how it looks in all of the blog example pictures. I'm (pretty sure ish?) that I ran the parser.py file and burpWhatsapp.py to my extensions....although tbh I don't even totally understand that and maybe I didn't. Anyways. I desperately need help just getting this extension to appear. Thank you.

Hello Im having issues in creating breakpoint.

I added a breakpoint in the sources console after the l.keypair-encode(pubkey) but after refreshing I am not able to get the secret.

Problem: "Bad message, can't decript the incoming message"

Hello,
I can not decrypt a message intercepted with the burp suit proxy.
I turned the text into Base64.
The pair keys and the secret are correct.

Decrypt-Encrypt-Decrypt on outgoing message not working

I decrypted my outgoing message. And encrypted it without editing. On trying to decrypt it again, I get error.
And I am getting different encrypted message after re-encrypting the same message.

Original outgoing message

Decrypted outgoing message

Encrypted outgoing message (without any changes)

Trying to decrypt it

I have the private, public key and Secret. How do I get the RefObject

I have the secret, but how can I recieve the human readable string ref object from it? It seems like some kind of hash.
When I take a look at the screenshots of the blog and users there is also a hash as secret and no plain text. What am I doing wrong?

Thanks for the help!

Get ref object

Step by step using websocket history in burp suite to get ref object???

Where are the keys? What am I doing wrong..

web.whatsapp.com problems in finding public/private keys

finding the web client keypair is hard in firefox i tried debugger and jsbeautify to set breakpoint but failed to get the keypair can you guys make a script to automate this step

Not able to get Keys in Firefox

though the priv key and pubkey appear cannot get the values in the array

Error "Bad message"

Randomly outgoing encryption does not work

Sometimes, but not always, the encryption of an outgoing message can't be decrypted. Here an example where I didn't change anything before encrypting again.

Here the content of 'a' variable ready to be decrypted:

Here I decrypted it:

Here I re-encrypted without changing anything: (notice that it's different from the original)

Here I try to decrypt again but it gives me error:

If you want I can give you privately all my keys so you can debug it.
Thanks

How to use AesCbcEncrypt?

Hi, can some one tell me how to decrypt the outgoing message in aescbcencrpt. Actually I only find a plugin called AES kill.
@Orinion Can you help me please?

Decrypting incoming message works but manipulation is not made

Hi everybody. Do the attacks described in the post still work? I finally was able to set up the ref object, the keys, run the parser, connect to the extension and I can successfully decrypt an incoming message.

But when I change the content of the message, even though I change the id to anything else (like it says in the post) and also the timestamp, when I encrypt it and paste it again in the intercept tab after clicking ctrl-shift-B it does not reach modified.

In the post you can see that you can do this for group messages but the first scenario in the video the attacker could spoof any incoming message in and individual chat. I have tried both ways. Individual chat and group chat. I can decrypt the message , but when I changed it and I can paste it and forward the request I cannot see the spoofed message.

Thanks to all of you for your reply! Thanks @romanzaikin for the great work!

Changing incoming message content with Unicode characters doesn't work

I have configured everything correctly, and successfully spoofed incoming group message contents, as long as the messages were in English.
When I tried to do the same process for an incoming message in Hebrew (decrypt, change message content, encrypt and forward through Burp's proxy) that contained special characters with '\u' - the spoofed message just didn't show in WhatsApp Web.

Getting Public Private Key

I am not able to get the public private key from the browser. When I go to sources tab, all I can see is a clumsy code and not formatted like the one given in attack web page.
How to format the ".js" file so that the break point can be inserted after "encode(t.pubkey)" as specified.
I am new to this. So, please don't mind for asking this simple question.

Does it still work?

Hi,

Looking for an update from the Author or creditable answers.

Whatsapp Web Client changed JS several times since I looked in to it.

Getting Pub, Priv key is quite hard, but possible. It seems it changes (QR code) and the Priv, Pub key every ca. 10 secs.

I am pretty sure I managed to get the right key (Priv and Pub) as well as secret (Ref Object)

Than I paste base64 encoded message I sent to one of my contacts (websocket -> to server endpoint /ws). It has a format of:

ID,<binary>

In the parser.py
This goes through:

BurpExtension-WhatsApp-Decryption-CheckPoint/helper/parser.py

Line 91 in 90247f2

if check_hmac != self.secret[32:64]:

However, got a mismatch here:

BurpExtension-WhatsApp-Decryption-CheckPoint/helper/parser.py

Line 109 in 90247f2

raise ValueError("Error hmac mismatch")

As I said I am quite confident I had 32 ints each good Priv and Pub key and secret (Ref Obj).

Is this still working?

Thanks,

Edited message only happening on my side

i did everything just as in the blog. everything is working like a charm BUT whenever i edit a message, im the only person that can see it. the others get the original message. EXAMPLE; a person in my group write "red" and i edit it to "blue" im the only one that see it.

unexpected EOF while parsing (<unknown>, line 1)

Got this issue in parser.py

also can't able to decrypt massage.

connection received from client ('127.0.0.1', 52521)
connection received from client ('127.0.0.1', 45969)
connection received from client ('127.0.0.1', 54641)
unexpected EOF while parsing (, line 1)
connection received from client ('127.0.0.1', 57561)
connection received from client ('127.0.0.1', 58147)
unexpected EOF while parsing (, line 1)
connection received from client ('127.0.0.1', 39220)
connection received from client ('127.0.0.1', 50065)
connection received from client ('127.0.0.1', 46154)
connection received from client ('127.0.0.1', 47374)
connection received from client ('127.0.0.1', 39599)
connection received from client ('127.0.0.1', 54960)
connection received from client ('127.0.0.1', 38419)
connection received from client ('127.0.0.1', 60649)

Pub Pri keys

Do have another way to get private and public keys ?

Questions about participant manipulation

Hi! I'm walking through these 3 WhatsApp vulnerabilities as detailed on their blog post (https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/)....and I'm curious:

For Part 3, aka, where the attacker makes the victim think that the whole group is receiving a message that only they are receiving.....could the reverse be done? Could an attacker block a single person out of the conversation? Can this only happen with 3 participants, or could it happen in other-sized groups as well?
If the attacker manipulated the 'participant' parameter to make someone look like they were a member of the conversation who wasn't really there....would that (real) person get a notification on their WhatsApp?
Finally, in order to manipulate the 'participant' in a group chat, do you have to use the quote function? Why doesn't changing 'FromMe' work in a group context?

Thank you!

once i got the private and public key the QR CHANGE itself

im using the BREAKPOINT to catch the PRIVATE+PUBLIC key . but when i resum the debugger to show the QR. the QR will change itself multiple times .

Encrypting decrypted message result in different message from original

Hi,

I'm having trouble changing the message content. I'm able to intercept the message and deprypt it. Once I modify the message (as in the video) I then press "Encrypt", I copy in the proxy, base64 decode it, but then the message does not appear in my web.whatsapp

I noticed that if I intercept a message, then decrypt and immediately encrypt (without any modification) if I compare the original message and the decrypted/encrypted one they are different. I expect them to be the same. Maybe there is a problem in the encryption?

Thanks

Not working

I try to run the extension on Linux (Kali), but I faced with the following issue:
ImportError: No module named os

All dependencies are installed.

Getting secret parameter with Burp

Hi guys. I am trying this extension and I could retrieve my public and private keys debugging Javascript code following the instructions on the technical post. But I have some problems with the "secret" parameter.
As the post says, it's the mobile phone who makes the request to web.whatsapp.com so you have to set Burp to capture that traffic. I'm using and iPhone X with iOS 11.4. I set the proxy manually and installed the PortSwigger cert via a profile in the phone.
But I can't get any HTTPS request made by WhatsApp on Burp. Not in the history tab neither in the websockets tab. I do see other HTTPS requests made with the browser.
Could you help me to understand what is wrong?
I imagine this parameter can only be retrieved from that request.
Thanks for your help and congratulations @romanzaikin for the research and the job. It's pretty cool!