Skip to content
/ BurpExtension-WhatsApp-Decryption-CheckPoint Public
forked from romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

0 stars 175 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hhy5277/BurpExtension-WhatsApp-Decryption-CheckPoint

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

helper

helper

 
 

lib

lib

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

burpWhatsapp.py

burpWhatsapp.py

 
 

requirements.txt

requirements.txt

 
 

tool.png

tool.png

 
 

working data.txt

working data.txt

 
 

Repository files navigation

WhatsApp Protocol Decryption Burp Tool

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

Here is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

The Extension:

alt tag

Made By:

Dikla Barda

Linkedin - https://www.linkedin.com/in/diklabarda/

Roman Zaikin

Linkedin - https://www.linkedin.com/in/romanzaikin/

Twitter - https://twitter.com/R0m4nZ41k1n

Dependencies:

* Windows Only(step 3 and 4)
  1. Download Python 2.7 at https://www.python.org/downloads/release/python-2715/
  2. Download pip at https://pip.pypa.io/en/stable/installing/
  3. Download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266
  4. Copy stdint.h to C:\Users\Administrator\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\VC\include
  5. Execute the command pip install -r requirements.txt
    • On Linux/Mac use python2 -m pip install -r requirements.txt

About the extension

This extension allow you to view and manipulate the actual data that sent via whatsapp.

  1. Open chrome developer tool and break on line '33479' and '5857'
  2. continue the execution until you break on 5857 and take the keys.
  3. First, you have to run the decoder server which is parser.py (is in helper dir).
  4. Second, you have to add the file burpWhatsapp.py to your burpsuite extensions.

Functionality

  1. Decrypt incoming data, you have to paste the data as base64 to the extension ctrl+b
  2. Encrypt incoming data, after you decrypt the data you can encrypt and put it back to burp by copy pase the base64 and ctrl+shift+b
  3. Decrypt outgoing data, to decrypt outgoing data you have to take it from AesCbcEncrypt function in list format.
  4. Encrypt outgoing data, after the extension encrypt the data back you have to put it back via the console.

you can use the following helper function to do that:

function str2unit8(str) {
  var buf = new ArrayBuffer(str.length);
  var bufView = new Uint8Array(buf);
  
  for (var i=0, strLen=str.length; i < strLen; i++) {
    bufView[i] = str[i];
  }
  return buf;
}

TO-DO

The extension currently can decrypt and encrypt only the message related functionality, in order to add more function you have to map the protobuf and add it to our protobuf file.

About

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 83.6%
  • C 16.4%