Sign in to follow this
Followers
0

whatsapp FakesApp: A Vulnerability in WhatsApp
By
dEEpEst, in Bugs & Exploits
-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Wapiti works as a “black-box” vulnerability scanner, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors.
General features
Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…).
Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases).
Can give you colors in the terminal to highlight vulnerabilities.
Different levels of verbosity.
Fast and easy way to activate/deactivate attack modules.
Adding a payload can be as easy as adding a line to a text file.
Browsing features
Support HTTP, HTTPS, and SOCKS5 proxies.
Authentication on the target via several methods: Basic, Digest, Kerberos or NTLM.
Ability to restrain the scope of the scan (domain, folder, page, url).
Automatic removal of one or more parameters in URLs.
Multiple safeguards against scan endless-loops (for example, limit of values for a parameter).
Possibility to set the first URLs to explore (even if not in scope).
Can exclude some URLs of the scan and attacks (eg: logout URL).
Import of cookies (get them with the wapiti-getcookie tool).
Can activate / deactivate SSL certificates verification.
Extract URLs from Flash SWF files.
Try to extract URLs from javascript (very basic JS interpreter).
HTML5 aware (understand recent HTML tags).
Several options to control the crawler behavior and limits.
Skipping some parameter names during attack.
Setting a maximum time for the scan process.
Adding some custom HTTP headers or setting a custom User-Agent.
Supported attacks
Database Injection (PHP/ASP/JSP SQL Injections and XPath Injections)
Cross Site Scripting (XSS) reflected and permanent
File disclosure detection (local and remote include, require, fopen, readfile…)
Command Execution detection (eval(), system(), passtru()…)
XXE (Xml eXternal Entity) injection
CRLF Injection
Search for potentially dangerous files on the server (thank to the Nikto db)
Bypass of weak htaccess configurations
Search for copies (backup) of scripts on the server
Shellshock
DirBuster like
Wapiti supports both GET and POST HTTP methods for attacks.
It also supports multipart and can inject payloads in filenames (upload).
Display a warning when an anomaly is found (for example 500 errors and timeouts) Makes the difference between permanent and reflected XSS vulnerabilities.
Module names
The aforementioned attacks are tied to the following module names :
backup (Search for copies and scripts)
blindsql (SQL injection vulnerabilities detected with time-based methodology)
buster (DirBuster like a module)
crlf (CR-LF injection in HTTP headers)
delay (Not an attack module, prints the 10 slowest to load web pages of the target)
exec (Code execution or command injection)
file (Path traversal, file inclusion, and XXE)
htaccess (Misconfigured htaccess restrictions)
nikto (Look for known vulnerabilities by testing URL existence and checking responses)
permanent XSS (Rescan the whole target after the xss module execution looking for previously tainted payloads)
shellshock (Test Shellshock attack, see https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29 )
sql (Error-based SQL injection detection)
xss (XSS injection module)
Changelog v3.1.2
Fix a crash that may occur after the crawling and before laucnhing attacks (connection pool was closed)
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. More than 1 billion people in over 180 countries use WhatsApp. WordPress WhatsApp Support plugin provides better and easy way to communicate visitors and customers directly to your support person. It runs on your own WordPress site, allowing you full control over your support via WhatsApp.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Wpnotif lets you send notifications using SMS or WhatsApp to your customers from your WordPress site. The plugin is also fully compatible with WooCommerce and you can setup automatic notification triggers for your customers whenever they create a new order or whenever the status of that order is changed. Site admins including, store owners, editors etc can also setup messages or WhatsApp notifications for themselves.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Make more sales, grow & retain customers, increase status views and take your Business to the next level with Whatsapp
What you'll learn:
Complete WhatsApp Marketing Course
Marketing with Whatsapp can be a lot more effective if you know what you can do.
The difference between Whatsapp and Whatsapp for Business is important to know.
Find out what you can do with the API for Whatsapp.
You don’t need to know how to write code to make your own bot.
Requirements:
A desire and curiosity about how to market on Whatsapp
Description:
What does Whatsapp for Business do? Do you want to know how you can use it to make your small business grow? Whatsapp for Business has a lot of important features, and I will show you how to use them in this masterclass. I have witnessed the meteoric growth of this app over the last two years, with the immense interest evident from the people who find and engage with my content on Youtube.
This class will cover:
It is called a “Whatsapp Status.”
People send messages when they go away or when they see each other.
Whatsapp can help your business.
In this case, the Whatsapp API is called.
How to make a bot with a bot builder
As more people learn about Whatsapp for Business and the powerful tools it has to offer, I am sure it will become more popular.
FUN FACTS:
WhatsApp has 2 billion active users around the world.
If you want to send messages on a phone, WhatsApp is the most popular app to do so.
A lot of people use WhatsApp to send and receive more than 100 billion messages each day.
People who use WhatsApp most of the time on Android spend 38 minutes a day on the app.
India has the most people who use WhatsApp every month (390.1 million).
CLASS PROJECT:
Set up a Whatsapp for Business profile and try it out for your small business to see what people say.
Who this course is for:
Anyone who wants to learn more about what Whatsapp can do
Course Details:
2.5 hours on-demand video
37 downloadable resources
Full lifetime access
Access on mobile and TV
Certificate of completion
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By LSDeep
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content.
-