Repository Details

This tool was created during our research at Checkpoint Software Technologies on the WhatsApp protocol. (This repository will be updated after BlackHat 2019.)

WhatsApp Protocol Decryption Burp Tool

This tool was created during our research at Checkpoint Software Technologies on the WhatsApp protocol.

Here is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/


Read my book to learn more about web hacking https://www.amazon.com/dp/1096435497

Made By:

Dikla Barda

Linkedin - https://www.linkedin.com/in/diklabarda/

Roman Zaikin

Linkedin - https://www.linkedin.com/in/romanzaikin/

Twitter - https://twitter.com/R0m4nZ41k1n

Dependencies:

* Windows only (steps 3 and 4)
  1. Download Python 2.7 at https://www.python.org/downloads/release/python-2715/
  2. Download pip at https://pip.pypa.io/en/stable/installing/
  3. Download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266
  4. Copy stdint.h to C:\Users\Administrator\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\VC\include
  5. Execute the command pip install -r requirements.txt
    • On Linux/Mac use python2 -m pip install -r requirements.txt

About the extension

This extension allows you to view and manipulate the actual data that is sent via WhatsApp.

  1. Open the Chrome developer tools, set a breakpoint on keyPair: t, (line 3311) and wait until the keys appear (5 minutes or so).
  2. Run the decoder server, which is parser.py (in the helper dir).
  3. Install burpWhatsapp.py into your Burp Suite extensions.
  4. At the breakpoint, get the keys from step 1.
  5. Get the secret parameter from the websocket in the Burp websocket history.

Functionality

  1. Decrypt incoming data: you have to paste the data into the extension as base64 (Ctrl+B).
  2. Encrypt incoming data: after you decrypt the data, you can encrypt it and put it back into Burp by copy-pasting the base64 (Ctrl+Shift+B).
  3. Decrypt outgoing data: to decrypt outgoing data, you have to take it from the AesCbcEncrypt function in list format.
  4. Encrypt outgoing data: after the extension encrypts the data again, you have to put it back via the console.

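You can use the following helper function to do that:

// Convert data in list format (an array of byte values) to an ArrayBuffer.
function str2unit8(str) {
  var buf = new ArrayBuffer(str.length);
  var bufView = new Uint8Array(buf);

  // Copy each byte value into the typed-array view over the buffer.
  for (var i=0, strLen=str.length; i < strLen; i++) {
    bufView[i] = str[i];
  }
  return buf;
}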
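
The conversions this workflow relies on (base64 for the extension, list format and ArrayBuffer for the console), as an added example that is not part of the repository; all function names are hypothetical. Unlike a bare Uint8Array assignment, it rejects values outside 0 to 255 instead of wrapping them silently.

```javascript
// Added example; function names are hypothetical, not from the repository.

// List of byte values -> ArrayBuffer. A bare Uint8Array assignment wraps 256
// to 0 and coerces non-numbers, so out-of-range input is rejected here.
function listToArrayBuffer(list) {
  if (!Array.isArray(list)) {
    throw new TypeError("expected an array of byte values");
  }
  const view = new Uint8Array(list.length);
  list.forEach((b, i) => {
    if (!Number.isInteger(b) || b < 0 || b > 255) {
      throw new RangeError("element " + i + " is not a byte: " + String(b));
    }
    view[i] = b;
  });
  return view.buffer;
}

// ArrayBuffer -> list of byte values (the "list format" used in the console).
function arrayBufferToList(buf) {
  return Array.from(new Uint8Array(buf));
}

// Base64 text -> list of byte values, rejecting malformed input up front.
function base64ToList(b64) {
  const clean = b64.replace(/\s+/g, "");
  if (clean.length % 4 !== 0 || !/^[A-Za-z0-9+\/]*={0,2}$/.test(clean)) {
    throw new Error("not valid base64");
  }
  const bin = typeof atob === "function"
    ? atob(clean)
    : Buffer.from(clean, "base64").toString("binary");
  return Array.from(bin, (ch) => ch.charCodeAt(0));
}

// List of byte values -> base64 text.
function listToBase64(list) {
  const bytes = new Uint8Array(listToArrayBuffer(list));
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return typeof btoa === "function"
    ? btoa(bin)
    : Buffer.from(bin, "binary").toString("base64");
}

// Constructed sample bytes, not captured traffic.
const SAMPLE = [0, 10, 127, 128, 255];
console.log(listToBase64(SAMPLE), base64ToList("AAp/gP8="));
```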

TO-DO

The extension can currently decrypt and encrypt only the message-related functionality. To add more functions, you have to map the protobuf and add it to our protobuf file.
