Whatsapp User’s IP Address disclosure with Link Preview feature and Grabify

-



Note: This content is strictly for educational use only , misusing this knowledge can land you in trouble. 

I recently came across an article on medium by Rahul Kankrale about Whatsapp user’s IP disclosure from Whatsapp's Link Preview feature . The article was quite interesting , it meant that if a Whatsapp user copy pasted a website URL on his/her message box and Whatsapp generated a preview of the URL , it may expose Whatsapp user's IP address to the website even without user clicking the URL.

That article was quite techy and demonstrating it to non technical student community was a pain, i also wanted to test if it works in 2021 without complex technical setup. So after lots of trial and error I selected  grabify for this purpose and got interesting results such as Whatsapp version , Location , ISP and IP Address.


I have used a VPN to hide my IP Address and geolocation . In the above dashboard  i had to  hide few columns for privacy reasons . 

 So here i am going to explain how i did it so that people can verify it for themselves.

STEP 1:  visit https://grabify.link/

STEP 2:  Enter any website url in grabify and create a grabify URL. This URL is capable of tracking users.

STEP 3:  Simply copy paste the grabify URL in whatsapp message box and wait till a preview is generated.

STEP 4:  In grabify Dashboard you will find Whatsapp IP address , Version , Country and ISP used by the Whatsapp User who pasted the grabify URL in his Whatsapp messagebox.

Currently there is no way to disable link previews in whatsapp So avoid copy pasting unknown links in whatsapp chatbox . Share this article to spread awareness and stay safe!

Comments

Post a Comment

Popular posts from this blog

MY PGP KEY

-
Here i am posting my OPENPGP PUBLIC KEY which can be used to verify digital signature of  my software available in github and for reporting security bugs.  -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF3nwF4BEADbF61zKMFr/FNE/8mMniRPK66eIQvxzNWX0RhbjvLfjLooJiyx zCxGYURvXsxoDaehnGRnjP5Hf/Qok1SppAhIZydg5L1nkzjQHQQbUSIoilMGw1UH tWr8TCgZKPWUjPYtkoo0/lLxtgdVMVcl8pvdyYKCJVTpXuxWZa37z1FhCWTrLO1P Nv7B0xLuAjjem6lzLBO/5kUlL0mlsWHp1dMg8Zxm5lvuUNP/2xUe3Qyv49F1b1nt 5okzW1XmvNReEZKiMvHbxIzCRjbifaNXgZaar054FEWH3z3VN4BDsGHAqahVu4oz TAVcX5ABkCfwLOsAMAJrFyd3P6mVoY/fHnbyIIj2ZzZVUzSPSPPfkuukEd+OQKTK bm4Ite4yPXzGwN8XYNWELLn2vpb/ucqlcsvP5bXkt+YCixi0GkiELsI2B6VFgy/3 x4dr1eQKSM1S8ZBq/ah5/FCB5ikxfpCYqKA/tNqI3OafvJoYmzjaO1Wef6vMt+dF Hcs5/j/ZC/FyVgN58oPH6i7j/ihFDTvoCTLkr3NqbkWJkyW/Nuaek/Ed+N2FhPen YI8SVkjR/WXF4T0b4QCfgtyeOxQEqxInvJR3F9hRX48dMZWjl9Z54eWID9tOz4Y7 G7LusA1rNjmNWNIXCc6FHhANwhpW0uk6oKuW1uAdqNpyiWuj0devCIDKvwARAQAB tB9NLkFuaXNoIDxhbmVlc2gyNTg2MUBnbWFpbC5jb20+iQJOBBMBCAA4AhsjBQsJ CAcCBhUKCQgLAgQWAgMBA
Read more

Unblocking Websites using my AntiCensorship Tool in C

-
Image
In my earlier blog post on defeating antivirus detection using Googleweblight , i had shown that googleweblight can be used to bypass firewalls. I have created a C program to make this unblocking process even more faster and easier. The program just manipulates the url and unblocks it. The link to Download the program is given below: -  AntiCensorship Toolv3 Download Here is a short tutorial on how to use the program:- STEP1 : Extract the zip file. STEP2 :Connect to internet and click the Program. STEP3: Wait till program connects the internet, this should normally take 4-5 seconds. STEP4: Enter the website to be unblocked. STEP5: Wait for program Menu. STEP6: Enter your choice . Note that Googleweblight and Hypothes.is would be better for connecting sites with videos and interactive content. Other services would be better for reading text. For Abuse prevention reasons i have choosed services which don't allow downloading files. STEP5: Please wait
Read more

Removing Metadata from PDF documents using Notepad++

-
Image
PDF documents can easily reveal the author name , date and time on which the document was created and PDF software used , which can be used to guess the identity of person , timezone and operating system and PDF software version used in computer.  I found a simple way to hide these basic information from PDF documents using Notepad++. STEP1:   Get the PDF document ,  make sure it is of PDF version 1.5 or below. For PDF 1.6 and above , we can just downgrade them using software like imagemagick by converting PDF to images and converting them back to PDF of version 1.5. STEP2: View the PDF metadata in a browser or exiftool and check information present before removal of  Metadata.   S TEP3: Search for Author, Creator, Creation date after opening PDF document in notepad++. STEP4: Remove lines containg words creater , date , etc as shown in the image above.   STEP5: Ensure that all lines which contained identifying metadata in plaintext are removed and save
Read more