Comments (12)
@tarun14110 I also had same issue and posted that if you find solution ,let me know
from burpextension-whatsapp-decryption-checkpoint.
@thiru112 So, were you able to impersonate outgoing messages as other user (attack 2 as explained on blog)?
from burpextension-whatsapp-decryption-checkpoint.
@tarun14110 I wasn't able to change message an put into the 'a' parameter in the browser
from burpextension-whatsapp-decryption-checkpoint.
You can do that by using this code a = Uint8Array.from([new encrypted array]).buffer
at console during breakpoint at and then continue .
But, its not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to same message as before decryting. But it's not doing that for now.
from burpextension-whatsapp-decryption-checkpoint.
@tarun14110 I try and reach you asap
from burpextension-whatsapp-decryption-checkpoint.
Hi all, I'm having the same issue except that I'm trying for incoming message. When I decrypt the message and then re-encrypt it (even without making any changes in the message) - this newly encrypted message cannot be decrypted so ofcourse when I forward it to whatsapp web, it is not able to decrypt it and show it. I hope someone can help fix it soon.
from burpextension-whatsapp-decryption-checkpoint.
You can do that by using this code
a = Uint8Array.from([new encrypted array]).buffer
at console during breakpoint at and then continue .
But, its not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to same message as before decryting. But it's not doing that for now.
@thiru112 did you manage to get this work. I'm stuck on how to chage it in the browser.
Hi,
This is regarding Attack 2.
I manage to decrypt outgoing message.
Change the message, change true to False.
Encryp it back successfully.
I'm stuck on putting the encrypted data back to the console. I.e. im stuck on no 4 (please see attached image). How can I do that?
Thank you
from burpextension-whatsapp-decryption-checkpoint.
You can do that by using this code
a = Uint8Array.from([new encrypted array]).buffer
at console during breakpoint at and then continue .
But, its not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to same message as before decryting. But it's not doing that for now.
Hi @tarun14110 did u manage to get the a = Uint8Array.from([new encrypted array]).buffer
work?
from burpextension-whatsapp-decryption-checkpoint.
@GinNoel sorry for the late reply but i managed to do it.
first create a global variable in the console.
temp = new Uint8Array([248,..., 2, 1]).buffer
then doubleclick the a variable in the local scope and insert the name of the global variable.
Also note that the encrypted message is not correct (for me it inserts a 11, however after removing it, it works)
from burpextension-whatsapp-decryption-checkpoint.
Hello, can anyone fix the problem? Letting DE-EN-DE on outgoing message works well.
from burpextension-whatsapp-decryption-checkpoint.
@GinNoel sorry for the late reply but i managed to do it.
first create a global variable in the console.
temp = new Uint8Array([248,..., 2, 1]).buffer
then doubleclick the a variable in the local scope and insert the name of the global variable.
Also note that the encrypted message is not correct (for me it inserts a 11, however after removing it, it works)
Hi @Orinion ,
My apologies for the very late reply. Thank you for the steps.
You lost me here "(for me it inserts a 11, however after removing it, it works)". Can you please explain further?
Thank you.
from burpextension-whatsapp-decryption-checkpoint.
Hello @GinNoel, taken frome the screenshots of the op:
he didn't change annything, however the 11 gets added after encrypting. Simply remove it before you paste it in the browser
from burpextension-whatsapp-decryption-checkpoint.
Related Issues (20)
- Where are the keys? What am I doing wrong.. HOT 4
- cannot decrypt message even with ref keys and base 64 encoded message. HOT 8
- Import error HOT 2
- Hello Im having issues in creating breakpoint.
- Does it still work? HOT 1
- Pub Pri keys
- Is it Patched? Cant find keys tho im at the correct place HOT 6
- unexpected EOF while parsing (<unknown>, line 1)
- Doesn't work anymore
- Can't start parser server HOT 1
- Update to Python3 HOT 1
- Is this still work???
- parser.py doesn't work HOT 2
- For everyone looking for a working and more complete version HOT 2
- Please, update to Python 3.9🙏 HOT 5
- unexpected public/private keys HOT 2
- Which file in the sources tab in DevTools has "keyPair: t,"? HOT 8
- How do I get the secret parameter??? HOT 1
- Ref Obj Not found HOT 6
- Needs Update!!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from burpextension-whatsapp-decryption-checkpoint.