FAQs about Hacking WhatsApp Web
What motivated the author to hack WhatsApp Web?
The author was motivated by having free time during the pandemic and a desire to engage in white hat hacking after a few years of inactivity.
What was the primary focus of the author’s hacking attempts on WhatsApp Web?
The author initially focused on testing for XSS (Cross-Site Scripting) vulnerabilities in WhatsApp’s messaging system by attempting to break the user interface with HTML and JavaScript snippets.
How did the author eventually discover a significant vulnerability in WhatsApp?
The author explored the caching mechanism used for profile pictures, which led to finding a way to add contacts with invalid phone numbers to groups, allowing for anonymous actions and potential security risks.
What was the response time from Facebook’s bug bounty program regarding the reported vulnerability?
Initial acknowledgment took about a week. The report was closed and a reward of $1250 was issued on November 16, indicating a lengthy review process.
What resources does the author recommend for those interested in learning about web security?
The author recommends xss-game for learning about common XSS attacks and ‘Hack This Site’ for practical hacking experience, and suggests reading other bug reports to gain insights into web security.