opexxx

whatsapp_discover.pl

Jun 3rd, 2014
Perl 3.83 KB | None | 0 0
  1. #!/usr/bin/perl
  2.  
  3. # WHATSAPP DISCOVER 1.0
  4. # Author: Deepak Daswani (@dipudaswani)
  5. # Website: http://deepakdaswani.es
  6. # Date: March, 2014
  7.  
  8. use Getopt::Long;
  9. use Net::Pcap;
  10. use NetPacket::Ethernet qw(:strip);
  11. use NetPacket::IP;
  12. use NetPacket::TCP;
  13. use strict;
  14.  
  # File-level state shared by the main flow and the subs below.
  my $pcap;        # capture handle returned by Net::Pcap::open_offline
  my $err;         # error text filled in by Net::Pcap::open_offline
  my $dev;         # declared but not used anywhere in this listing
  my $help;        # set by the -help / -? option
  my $interface;   # value of the -i option
  my @files;       # values of the -f option

  my $count      = 0;    # phone numbers matched so far
  my $file_count = 0;    # capture files handed to parse_file so far
  my $hoffset    = -1;   # bytes skipped before the IP header; -1 until a link type is recognised
  19.  
  20. # Usage definition
  21.  
  sub usage {
      # Print the banner and the usage line, then terminate the script.
      # Any arguments passed in are reported first as an unknown option.
      my @unknown = @_;

      if (@unknown) {
          print "Unknown option: @unknown\n\n";
      }

      print "\nWhatsapp Discover v1.0  --- Deepak Daswani (\@dipudaswani) 2014\n",
            "                            http://deepakdaswani.es \n",
            "Usage: whatsapp_discover -i interface | -f pcapfile[s]\n",
            "---------------------------------------------------------------\n\n\n";
      exit;
  }
  31.  
  32. # Parse command line arguments
  33.  
  # Parse command line arguments. Usage is shown (and the script exits) when
  # no argument was given, option parsing failed, or -help/-? was requested.
  unless (   @ARGV >= 1
          && GetOptions('help|?' => \$help, 'i=s' => \$interface, 'f=s{,}' => \@files)
          && !defined $help)
  {
      usage();
  }

  my $want_sniff = defined $interface;
  my $want_files = scalar @files;

  # Exactly one of -i and -f must be given.
  if (!($want_sniff || $want_files)) {
      print "Please select an option\n";
      usage();
  }

  if ($want_sniff && $want_files) {
      print "Please select either an interface or a [single|list of] pcap file[s]\n";
      usage();
  }

  # Print header
  print "\nWhatsapp Discover v1.0  --- Deepak Daswani (\@dipudaswani) 2014\n",
        "                            http://deepakdaswani.es \n\n";

  # Sniff or parse pcap file[s]
  sniff() if $want_sniff;

  # The loop deliberately keeps the implicit $_ variable: parse_file() may take
  # the current file name from it, and may leave this iteration with `next`
  # when a capture cannot be opened (so that file is not counted).
  for (@files) {
      print "Parsing $_ ...\n";
      parse_file($_);
      $file_count++;
  }
  63.  
  64. # Create pcap object from an interface (disabled in this PoC version)
  sub sniff {
      # Live capture from an interface is not implemented in this version:
      # print a notice and terminate the script.
      my $notice = "\nReal time snifing was disabled in this initial version. \n"
                 . "Sorry for the trouble\n\n";
      print $notice;
      exit;
  }
  69.  
  70. # Parse pcap files in batch. Creates pcap object from a saved file
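  sub parse_file {
      # Open one saved capture file, select the link-layer header length for
      # its datalink type, install the port filter and hand every matching
      # packet to process_pkt.
      #
      # The file name is the first argument; when called without arguments it
      # falls back to $_ (the caller's foreach alias). The empty prototype was
      # dropped because it contradicted the call site, which passes an argument.
      #
      # Returns 1 after the capture has been processed, nothing when the file
      # is skipped for an unsupported link type or a filter error.
      my $file = @_ ? $_[0] : $_;

      $pcap = Net::Pcap::open_offline($file, \$err);
      if (!$pcap) {
          my $reason = defined $err ? $err : 'unknown error';
          print STDERR "Cannot open $file: $reason\n";

          # NOTE(review): non-local exit kept from the original. `next` leaves
          # this sub and advances the caller's foreach, so an unreadable file
          # is not counted as parsed. It only works when the call is made
          # from inside a loop.
          next;
      }

      # Link-layer header length for each supported datalink type.
      my %header_len_for = (
          1   => 14,    # EN10MB capture files
          113 => 16,    # Linux cooked socket capture files
          105 => 32,    # DLT_IEEE802_11 capture files
      );

      # Set the offset afresh for every file. Without this, an unsupported
      # link type would be decoded with -1 or with the previous file's offset.
      my $datalink = Net::Pcap::datalink($pcap);
      if (!exists $header_len_for{$datalink}) {
          print STDERR "Skipping $file: unsupported link type $datalink\n";
          Net::Pcap::close($pcap);
          return;
      }
      $hoffset = $header_len_for{$datalink};

      my $filter = "tcp && (port 5222 or port 443 or port 5223)";  # Filters Whatsapp's traffic
      my $filter_t;

      # Fail closed: if the filter cannot be compiled or installed, do not
      # run the callback over unfiltered traffic.
      if (   Net::Pcap::compile($pcap, \$filter_t, $filter, 1, 0) != 0
          || Net::Pcap::setfilter($pcap, $filter_t) != 0)
      {
          print STDERR "Cannot apply filter to $file: ", Net::Pcap::geterr($pcap), "\n";
          Net::Pcap::close($pcap);
          return;
      }

      Net::Pcap::loop($pcap, 0, \&process_pkt, '');   # Loop to process pcap file
      Net::Pcap::close($pcap);                        # Close pcap object

      return 1;
  }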
  108.  
  109. # Function for printing a packet. Only for debug purposes
  sub print_pkt {
      # Debug helper: write $packet to STDOUT in groups of four characters,
      # each followed by a space, then finish with a blank line.
      my ($packet) = @_;

      for (my $pos = 0; $pos < length($packet); $pos += 4) {
          print substr($packet, $pos, 4), " ";

          # Break the line after every 32 characters (eight groups of four).
          # The input is expected to be hex text, two characters per byte.
          print "\n" if ($pos + 4) % 32 == 0;
      }
      print "\n\n";
  }
  123.  
  124.  
  125.  
  126. # Callback function that is applied to every packet processed in the loop
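  sub process_pkt {
      # Net::Pcap::loop callback, invoked once per packet that passed the
      # filter. Skips the link-layer header, decodes IP and TCP, and reports
      # a payload that starts with "WA" and carries a version-like token
      # followed by a run of six or more digits.
      #
      # Arguments (as passed by Net::Pcap::loop): user data, packet header
      # hash, raw packet bytes. Only the raw bytes are used.
      my ($data, $header, $packet) = @_;

      # Link type not recognised (offset still negative): nothing to decode.
      return if $hoffset < 0;

      # An IEEE 802.11 QoS frame (first byte 0x88) has two extra header bytes.
      # The adjustment is local to this packet. The original wrote 34 back to
      # the shared $hoffset, so every later frame was decoded with the QoS
      # offset, including frames that are not QoS frames.
      my $skip = $hoffset;
      if ($hoffset == 32 && length($packet) && substr($packet, 0, 1) eq "\x88") {
          $skip = 34;
      }

      # Capture contents are untrusted input: ignore frames too short to
      # hold anything after the link-layer header.
      return if length($packet) <= $skip;

      my $ip_obj = NetPacket::IP->decode(substr($packet, $skip));
      return unless defined $ip_obj->{data};

      my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
      my $payload = $tcp_obj->{data};
      return unless defined $payload && length $payload;

      # The match runs directly on the TCP payload bytes, so a hit means the
      # identifiers are readable as plain text in the capture. Both captures
      # are restricted by their character classes (letters, digits, '-', '.'
      # and digits only), so no control or escape bytes reach the terminal.
      if ($payload =~ /^WA.*?([a-zA-Z\-\.0-9]+).*?([0-9]{6,})/) {  # RegEx used to parse packet
          my ($version, $telefono) = ($1, $2);
          print "Got 1 number! S.O: $version Mobile number: +$telefono\n";
          $count++;
      }

      return;
  }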
  # Final summary: files handed to the parser and numbers matched in total.
  printf "\n%s files parsed. %s phone numbers using Whatsapp found...\n\n",
         $file_count, $count;
  148. # End of file