Whatsapp weWhat do we say to that?
There's not much more for me to do with this information, so I began to look at the other clear-text messages that were sent and received. What was the most important thing for me? First, I chose to toy a little with changing data that I had figured out, like a telephone number or a status, and seeing how that affected my desktop application.
The first thing I did was get someone's photo without putting it in your directory. When we catch an incoming call for a profilPicThumb and modify the number, we get a reply from the servers containing the IP addresses of that user's photo. One of them is an automatically increasing number of messages and the other is sometimes a timestamp, sometimes... I don't know what the 554 is.
But everything should be encrypted! Now, peer-to-peer messages are encrypted, group messages are encrypted, but there are still some clear-text requests from the machine that are legible to humans. WhatsApp doesn't even look in your phone book, because you might be the one who receives the message, or you might be part of a group of folks who haven't added you, but still want to see their picture.
Information about persons that I certainly haven't even included in my phone book is available to me. The day is, however, a timestamp for the "last seen" time that we see below the contact's name in the instant message window. As I can see, this is used by spreaders to collect the number of humans and, let me be paranoid, to get some succulent information.
Monitor the status, the last seen times, and the image of a large number of visitors and you could earn money from someone who knows what to do with this information. You can insert the resulting arrays into the preceding call string. I was a little afraid that the WhatsApp engineering team might have stopped this and banned me for misusing their services. Fortunately they seem to have installed a throttling system for me, because the application only gave 26 results, none of which were empty.
Each of them with their links to the picture and their last seen times, all of them humans I have no idea about. I've also analyzed all "last seen" files and could not draw any conclusions; there are many users who have been running in the last 24 hours and many users who are not using the service anymore.
By the end of the diary, it's the data. Change the preceding link to not show someone's image. When decomposing the URLs, we see two parameters, oe and oh, that have a timestamp in hexadecimal format like 5B468759 (a few working days in the near term, so maybe it's a valid timestamp, but I can still get the pictures more than 12 hours after the request) and a 32-digit hex tag sign for that horoscope, which makes it easy for their crew to find out who is using theirs.
I am sure that this is only the tip of the iceberg when it comes to the data that is available. I did not want to go after the data too much for this contribution; if they have any receipt, I could go ahead with this way, if not... I had my fun! In the same way we can catch an incoming message and change the request to the servers to get all the prior information that we can also get the state of a number that is not associated with us by submitting.