Skip to content

senior-sigan/Wazzup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commits

src/main

src/main

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

#WAZZUP

It's proof of the attacking concept on WhatsApp.

Because WhatsApp uses QR-codes and phone to log into web interface we have slitted authentication flow.

  • We open session with WhatsApp in one browser.
  • We authenticate that session from another session - our smartphone.

Therefore it's quite possible to carry out so-called "The mafia fraud".

#Requirements

  1. Wazzup site - phishing clone of the original site.
  2. Selenium web driver to extract QR-code from the original WhatsApp
  3. Profit!

I created very simple implementation of the server that proxies whatsapp auth-token(qr-code) to the wazzup site.

About

Proof of the concept: Mafia fraud against WhatsApp

medium.com/@senior_sigan/wazzup-%D0%B8%D0%BB%D0%B8-%D0%BE%D0%B1%D0%BC%D0%B0%D0%BD-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9-%D0%BC%D0%B0%D1%84%D0%B8%D0%B5%D0%B9-4a49ffb6b13b

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages