romanzaikin / Burpextension Whatsapp Decryption Checkpoint
This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)
Stars: ✭ 562
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Burpextension Whatsapp Decryption Checkpoint
18-plus-Facebook-Phishing
18+Facebook-Phishing.Hack Facebook
Stars: ✭ 58 (-89.68%)
Mutual labels: whatsapp, hacking-tool
Saint
👁 (s)AINT is a Spyware Generator for Windows systems written in Java. [Discontinued]
Stars: ✭ 522 (-7.12%)
Mutual labels: hacking-tool
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+771.35%)
Mutual labels: hacking-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-15.66%)
Mutual labels: hacking-tool
Baileys
Lightweight full-featured typescript/javascript WhatsApp Web API
Stars: ✭ 492 (-12.46%)
Mutual labels: whatsapp
Whatsapp Web Bot
Whatsapp Web Bot - Example of Bot for use on Whatsapp Web (on Chrome)
Stars: ✭ 450 (-19.93%)
Mutual labels: whatsapp
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-8.01%)
Mutual labels: hacking-tool
Piximagepicker
Pix is a Whatsapp image picker replica. with this, you can integrate an image picker just like WhatsApp.
Stars: ✭ 488 (-13.17%)
Mutual labels: whatsapp
Protobuf
[Looking for new ownership] Protocol Buffers for Go with Gadgets
Stars: ✭ 4,998 (+789.32%)
Mutual labels: protocol-buffers
Hackerpro
All in One Hacking Tool for Linux & Android (Termux). Make your linux environment into a Hacking Machine. Hackers are welcome in our blog
Stars: ✭ 474 (-15.66%)
Mutual labels: hacking-tool
Operative Framework
operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
Stars: ✭ 511 (-9.07%)
Mutual labels: whatsapp
Search That Hash
🔎Searches Hash APIs to crack your hash quickly🔎 If hash is not found, automatically pipes into HashCat⚡
Stars: ✭ 466 (-17.08%)
Mutual labels: hacking-tool
Prototool
Your Swiss Army Knife for Protocol Buffers
Stars: ✭ 4,932 (+777.58%)
Mutual labels: protocol-buffers
Reconpi
ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.
Stars: ✭ 490 (-12.81%)
Mutual labels: hacking-tool
Whatsapp Web Reveng
Reverse engineering WhatsApp Web.
Stars: ✭ 5,320 (+846.62%)
Mutual labels: whatsapp
Onex
onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Termux and other Linux distributions. onex can install any third party tool or any hacking tool for you.
Stars: ✭ 537 (-4.45%)
Mutual labels: hacking-tool
WhatsApp Protocol Decryption Burp Tool
This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol.
Here is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
The Extension:
Read my book to learn more about web hacking https://www.amazon.com/dp/1096435497
Made By:
Dikla Barda
Linkedin - https://www.linkedin.com/in/diklabarda/
Roman Zaikin
Linkedin - https://www.linkedin.com/in/romanzaikin/
Twitter - https://twitter.com/R0m4nZ41k1n
Dependencies:
* Windows Only(step 3 and 4)
- Download Python 2.7 at https://www.python.org/downloads/release/python-2715/
- Download pip at https://pip.pypa.io/en/stable/installing/
- Download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266
- Copy
stdint.htoC:\Users\Administrator\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\VC\include - Execute the command
pip install -r requirements.txt- On Linux/Mac use
python2 -m pip install -r requirements.txt
- On Linux/Mac use
About the extension
This extension allow you to view and manipulate the actual data that sent via whatsapp.
- Open chrome developer tool and break on keyPair: t, (line 3311) and wait until the keys will appear (5 minutes or so).
- Run the decoder server which is
parser.py(in helper dir). - Install
burpWhatsapp.pyto your burp suite extensions. - Break get the keys from step 1.
- get the secret parameter from the websocket in burp websocket history.
Functionality
- Decrypt incoming data, you have to paste the data as base64 to the extension
ctrl+b - Encrypt incoming data, after you decrypt the data you can encrypt and put it back to burp by copy pase the base64 and
ctrl+shift+b - Decrypt outgoing data, to decrypt outgoing data you have to take it from
AesCbcEncryptfunction in list format. - Encrypt outgoing data, after the extension encrypt the data back you have to put it back via the console.
you can use the following helper function to do that:
function str2unit8(str) {
var buf = new ArrayBuffer(str.length);
var bufView = new Uint8Array(buf);
for (var i=0, strLen=str.length; i < strLen; i++) {
bufView[i] = str[i];
}
return buf;
}
TO-DO
The extension currently can decrypt and encrypt only the message related functionality, in order to add more function you have to map the protobuf and add it to our protobuf file.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].