{"id":13636760,"url":"https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint","last_synced_at":"2025-04-19T08:33:10.414Z","repository":{"id":201268604,"uuid":"143415571","full_name":"romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint","owner":"romanzaikin","description":"This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)","archived":false,"fork":false,"pushed_at":"2019-10-21T08:22:46.000Z","size":427,"stargazers_count":637,"open_issues_count":11,"forks_count":173,"subscribers_count":53,"default_branch":"master","last_synced_at":"2024-11-05T07:24:20.690Z","etag":null,"topics":["burpsuite-extender","hacking-tool","protocol-buffers","whatsapp"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/romanzaikin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-08-03T10:48:39.000Z","updated_at":"2024-11-03T00:01:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"4d1d201e-81bc-49a6-8a73-6e54260616d8","html_url":"https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint","commit_stats":null,"previous_names":["romanzaikin/burpextension-whatsapp-decryption-checkpoint"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/romanzaikin","download_url":"https://codeload.github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223795250,"owners_count":17204136,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burpsuite-extender","hacking-tool","protocol-buffers","whatsapp"],"created_at":"2024-08-02T00:01:04.990Z","updated_at":"2024-11-09T06:30:51.174Z","avatar_url":"https://github.com/romanzaikin.png","language":"Python","funding_links":[],"categories":["Cryptography","Python","Pentesting"],"sub_categories":["Template Injection","SSRF","Payloads"],"readme":"# WhatsApp Protocol Decryption Burp Tool\n\nThis tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol.\n\nHere is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/\n\nThe Extension:\n\n![alt tag](https://raw.githubusercontent.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint/master/tool.png)\n\nRead my book to learn more about web hacking https://www.amazon.com/dp/1096435497\n\nMade By:\n---------------\n\n__Dikla Barda__\n\nLinkedin - https://www.linkedin.com/in/diklabarda/ \n\n\n__Roman Zaikin__\n\nLinkedin - https://www.linkedin.com/in/romanzaikin/\n\nTwitter -  https://twitter.com/R0m4nZ41k1n\n\n\nDependencies:\n---------------\n\t* Windows Only(step 3 and 4)\n1) Download Python 2.7 at https://www.python.org/downloads/release/python-2715/\n2) Download pip at https://pip.pypa.io/en/stable/installing/\n3) Download Microsoft Visual C++ Compiler for Python 2.7 at https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266\n2) Copy `stdint.h` to `C:\\Users\\Administrator\\AppData\\Local\\Programs\\Common\\Microsoft\\Visual C++ for Python\\9.0\\VC\\include`\n5) Execute the command `pip install -r requirements.txt`\n    * On Linux/Mac use `python2 -m pip install  -r requirements.txt`\n\n\nAbout the extension\n---------------\n\nThis extension allow you to view and manipulate the actual data that sent via whatsapp.\n1) Open chrome developer tool and break on keyPair: t, (line 3311) and wait until the keys will appear (5 minutes or so).\n2) Run the decoder server which is `parser.py` (in helper dir).\n3) Install `burpWhatsapp.py` to your burp suite extensions.\n4) Break get the keys from step 1.\n5) get the secret parameter from the websocket in burp websocket history.\n\nFunctionality\n---------------\n\n1) Decrypt incoming data, you have to paste the data as base64 to the extension `ctrl+b`\n2) Encrypt incoming data, after you decrypt the data you can encrypt and put it back to burp by copy pase the base64 and `ctrl+shift+b`\n3) Decrypt outgoing data, to decrypt outgoing data you have to take it from `AesCbcEncrypt` function in list format.\n4) Encrypt outgoing data, after the extension encrypt the data back you have to put it back via the console.\n\nyou can use the following helper function to do that:\n\n```js\nfunction str2unit8(str) {\n  var buf = new ArrayBuffer(str.length);\n  var bufView = new Uint8Array(buf);\n  \n  for (var i=0, strLen=str.length; i \u003c strLen; i++) {\n    bufView[i] = str[i];\n  }\n  return buf;\n}\n```\n\nTO-DO\n---------------\n\nThe extension currently can decrypt and encrypt only the message related functionality, in order to add more function you have to map the protobuf\nand add it to our protobuf file.\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fromanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fromanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fromanzaikin%2FBurpExtension-WhatsApp-Decryption-CheckPoint/lists"}