- #67
Comments
|
web.whatsapp.com > (index). But the keys are not longer there. https://web.whatsapp.com/libsignal-protocol-c387645.min.js seems to be generating them. But I still can't find where it's stored / how to read them. AES CBC is being used. |
|
;) |
|
Hey Cuj, Honestly I got really busy with some stuff here, and at this point I don't which one was what... The keys are somewhere there... set several breakpoints, and play the code line by line, look for "keyPair" in the included Js, you should be able to find the pair in a couple of hours. Check the lenghts to be sure. If you manage the get they pair, then, you'll need an array which is required by the extension... could not locate it. Perhaps intercepting the traffic from the cell phone would reveal something. I can assist you a bit, https://www.linkedin.com/in/chris-c-russo/ add me there if you want. |
|
there's another way to play around with whatsapp, the encryption mechanisms, don't let you flood, or manipulate the data as you would do with burp suit. However if you place an API in the middle, lets say localhost, and you proxy it, you can interact with it... I've been able to freeze a cell phone and restart another using multiple SIM cards / accounts connected, and targetting a single account with intruder an heavy processing media. |
|
node npx @open-wawa-automate |
|
Where can I find the secret key parameter in the BurpSuite Websocket History? It's not showing up at all. |
|
io non ci ho capito niente e tutto il giorno e la notte che provo a capire ste chiavi e come devo bloccare per poter provare questa estensione ma non ci riesco proprio.. ci riprovo domani.. vado a riposare.. |
The text was updated successfully, but these errors were encountered: