search

romanzaikin / BurpExtension-WhatsApp-Decryption-CheckPoint

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)
637 stars 173 forks source link

For everyone looking for a working and more complete version #64

Open Auties00 opened 3 years ago

Auties00 commented 3 years ago

Hello, I created a more complete version of this tool that does everything automatically built on top of my WhatsappWeb library. If anyone needs it: https://github.com/Auties00/whatsappweb4j-request-analyzer

SLAYER-CODE commented 3 years ago

Funci

Hola, creé una versión más completa de esta herramienta que hace todo automáticamente construido sobre mi biblioteca WhatsappWeb. Si alguien lo necesita: https://github.com/Auties00/whatsappweb4j-request-analyzer

The interception of the packets works and it only shows the payload, I'm almost sure there is a way to revert the whole key and get the same result for burpsuit with the project you show ... (WhatsappKeysManager.java) Or am I wrong?

Auties00 commented 3 years ago

Funci

Hola, creé una versión más completa de esta herramienta que hace todo automáticamente construido sobre mi biblioteca WhatsappWeb. Si alguien lo necesita: https://github.com/Auties00/whatsappweb4j-request-analyzer

The interception of the packets works and it only shows the payload, I'm almost sure there is a way to revert the whole key and get the same result for burpsuit with the project you show ... (WhatsappKeysManager.java) Or am I wrong?

i don't know if it can be done, technically the keys are generated locally in the browser, they are not sent from the server to the client as they should be secret. The way I intercept them is by using the debugger API of the chrome dev tools.