Reverse engineering whatsapp web today

[csetariq]

I understand this project is mature now. I'm trying to see how it all started

Proxy

• I have attempted to use a proxy server
• Realized there is noise protocol

Noise Handshake

• Tried to write a custom addon for mitmproxy that speaks noise
• Looks like whatsapp web might verify the chain using WACertPubKey

The only way forward is to incrementally write a client like this one?

I also understand ECDH, so eavesdropping is not possible unless I somehow make the whatsapp web to puke the secret

Any pointers on how I should move forward?

[wahyuputranto]

Is your question related to a very sensitive number in the last 2 days? It hasn't even been an hour since scanning the number and it was immediately banned. If so, it seems we have the same problem.

[csetariq]

No. That wasn't me. I'm just curious "what tools are needed for someone who attempts to write a library like this one"

[Manjit2003]

You dont. Just inject js in the web clients to see the incoming and outgoing traffic. For other low level implementations like noise, wire protocol, etc, you need to read the obsucated web code and figure that things out

[ahmedRSA]

can you share inject js ?

[ahmedRSA]

You dont. Just inject js in the web clients to see the incoming and outgoing traffic. For other low level implementations like noise, wire protocol, etc, you need to read the obsucated web code and figure that things out

@Manjit2003 where do i find this script ?