I'm trying to understand if it's possible to create a web service that can send and answer to WhatsApp messages. I searched on the web and I found the WhatsAPI,
I guess this solution work fine, but with the actual version of WhatsApp it's not possible to get the nickname, the sender, the imei and the password.
To get them I set up a Linux PC in which I installed mitmproxy to sniff the web traffic of a Samsung Galaxy S4. By using mitmproxy I can see the web traffic generated by the phone, so I tried to register to WhatsApp (with an another SIM), but in mitmproxy I can't see the data I need for WhatsAPI.
Does anyone knows if it's possible to get the password by using another way?
If it exist can you suggest me a way? Do you think it's possible to do that or it's better to use Telegram or Wechat (they have public API)?
For Java, you can try WhatsUp
For Python, see YowsUp.
Beware that WhatsApp threatens legal action against many of these library developers and does not officially support using the service this way.
I have also spoken directly with WhatsApp representatives who have said no commercial API use of WhatsApp is acceptable.
Also note that bulk messaging is against the WhatsApp terms of service.
There used to be a PHP implementation at WhatsAPI, and another Java implementation, WhatsApi4J. Both are no longer available due to legal threats.
For .NET you use https://github.com/mgp25/Chat-API-NET
download installer for generate password https://github.com/mgp25/WART from this link
string nickname = "Nickname";
/* Your number in the format CCAANNNNNNNNN
* C - Country Code
* A - Area Code
* N - Phone number */
string sender = "***************"; //phone number
string password = "*****************"; // Obtain it with WART or Yowsup
WhatsApp wa = new WhatsApp(sender, password, nickname, true);
wa.OnConnectSuccess += () =>
{
Console.WriteLine("Connected");
wa.OnLoginSuccess += (phoneNumber, data) =>
{
Console.WriteLine("Connection success!");
wa.SendMessage("**************"/* Number */, "Hello World!");
Console.WriteLine("Message sent!");
};
wa.OnLoginFailed += (data) => {
Console.WriteLine("Login failed: {0}", data);
};
wa.Login();
};
wa.OnConnectFailed += (ex) =>
{
Console.WriteLine("Connect failed: {0}", ex.StackTrace);
};
wa.Connect();
Console.WriteLine("END");
Console.ReadLine();
wart app maybe works good for you.
WART
WhatsApp Registration Tool
Uses token generator created by Jake
Uses WhatsApiNet fork by me
Requires .NET Framework 4 or Mono Framework (mono-complete on Linux)
This tool is used to register new phonenumbers and can also be used to retrieve a new password for already registered numbers.
The registration identity is auto-generated by the program based on the phone number.
The optional (and highly recommended) password field is used as salt when generating the identity. This will generate a unique identity hash which cannot be replicated unless you know the password.
Leaving the password field blank will generate an identity hash of just the phone number, which can be easily replicated and is highly insecure.
If these answers were helpful to you, please consider saying thank you in a more constructive way
Related
Our organization wants to develop a "LOST & FOUND System Application" using chatbot integrated in a website.
Whenever the user starts the conversation with the chatbot, the chatbot should ask the details of lost item or item found and it should store the details in database.
How can we do it ?
And can we use our own web-service because organization doesn't want to keep the database in Amazon's Server.
As someone who just implemented this very same situation (with a lot of help from #Sid8491), I can give some insight on how I managed it.
Note, I'm using C# because that's what the company I work for uses.
First, the bot requires input from the user to decide what intent is being called. For this, I implemented a PostText call to the Lex API.
PostTextRequest lexTextRequest = new PostTextRequest()
{
BotName = botName,
BotAlias = botAlias,
UserId = sessionId,
InputText = messageToSend
};
try
{
lexTextResponse = await awsLexClient.PostTextAsync(lexTextRequest);
}
catch (Exception ex)
{
throw new BadRequestException(ex);
}
Please note that this requires you to have created a Cognito Object to authenticate your AmazonLexClient (as shown below):
protected void InitLexService()
{
//Grab region for Lex Bot services
Amazon.RegionEndpoint svcRegionEndpoint = Amazon.RegionEndpoint.USEast1;
//Get credentials from Cognito
awsCredentials = new CognitoAWSCredentials(
poolId, // Identity pool ID
svcRegionEndpoint); // Region
//Instantiate Lex Client with Region
awsLexClient = new AmazonLexClient(awsCredentials, svcRegionEndpoint);
}
After we get the response from the bot, we use a simple switch case to correctly identify the method we need to call for our web application to run. The entire process is handled by our web application, and we use Lex only to identify the user's request and slot values.
//Call Amazon Lex with Text, capture response
var lexResponse = await awsLexSvc.SendTextMsgToLex(userMessage, sessionID);
//Extract intent and slot values from LexResponse
string intent = lexResponse.IntentName;
var slots = lexResponse.Slots;
//Use LexResponse's Intent to call the appropriate method
switch (intent)
{
case: /*Your intent name*/:
/*Call appropriate method*/;
break;
}
After that, it is just a matter of displaying the result to the user. Do let me know if you need more clarification!
UPDATE:
An example implementation of the slots data to write to SQL (again in C#) would look like this:
case "LostItem":
message = "Please fill the following form with the details of the item you lost.";
LostItem();
break;
This would then take you to the LostItem() method which you can use to fill up a form.
public void LostItem()
{
string itemName = string.Empty;
itemName = //Get from user
//repeat with whatever else you need for a complete item object
//Implement a SQL call to a stored procedure that inserts the object into your database.
//You can do a similar call to the database to retrieve an object as well
}
That should point you in the right direction hopefully. Google is your best friend if you need help with SQL stored procedures. Hopefully this helped!
Yes its possible.
You can send the requests to Lex from your website which will extract Intents and Entities.
Once you get these, you can write backend code in any language of your choice and use any DB you want.
In your use case, you might just want to use Lex. PostText will be main function you will be calling.
You will need to create an intent in Lex which will have multiple slots LosingDate, LosingPlace or whatever you want, then it will be able to get all these information from the user and pass it to your web application.
I have a desktop application in which I need to make a user authentication with oAuth2.0.
I looked at the Facebook example but it doesn't really correspond to what I have to do or I don't understand it well.
In fact, I create an O2 instance:
O2* o2Auth;
o2Auth = new o2Auth(this);
o2Auth->setClientId(CLIENT_ID);
o2Auth->setClientSecret(CLIENT_SECRET);
o2Auth->setRequestUrl(REQUEST_URL);
o2Auth->setTokenUrl(TOKEN_URL);
But I don't understand how to authenticate the user with the user name and password. Which function do I have to use to do that?
In Facebook example, there is:
if (argList.contains(OPT_OAUTH_CODE)) {
// Start OAuth
fbdemo_.doOAuth(O2::GrantFlowAuthorizationCode);
} else if (argList.contains(OPT_VALIDATE_TOKEN)) {
fbdemo_.validateToken();
}
where argList is the parameters given to the application but they are not the user name and password.
In the tweeter example, there is :
oxTwitter_->setUsername(username);
oxTwitter_->setPassword(password);
but I didn't find the equivalent in O2.
I think I have to use things like GET and POST functions in the OSRequestor class, but how to link a OSRequestor instance to my O2 instance?
So what do I need to send user name and password to do the authentication with O2?
I'm working on a project in C++ to backup and restore email on Microsoft Exchange servers, I'm trying to write automated tests for the restore function. Right now I can create test users, databases, and mailboxes, and can send email between users through the Exchange Admin Powershell. However, Exchange doesn't have commandlets to view or delete emails (as far as I can tell). Is there a way to do that with straight Exchange commandlets?
I haven't found a way, so instead I'm looking for an IMAP API that I can add to the project to enable viewing and deleting emails. Free would be ideal, but it can't be licensed with GPL. Is there an IMAP API for C++ that doesn't have GPL? Is there an avenue to programatically view and delete emails I haven't tried yet?
EDIT: Honestly I'm not too fussy on how it gets done, I just need a way to do it. I'm open to any suggestions.
https://technet.microsoft.com/en-us/library/ff459253(v=exchg.150).aspx
Search-Mailbox can delete messages.
https://technet.microsoft.com/en-us/library/ee633455(v=exchg.150).aspx
ExportMailboxRequest and ImportMailboxRequest cmdlets do most of the heavy lifting for importing and exporting data.
Why do you need to read messages? Powershell can also do client side scripts using Outlook library commands.
EDIT
Put a 'magic phrase' in your test email. "MagicRainbowUnicorn".
Delete a message
Search-Mailbox -Identity "TestMailbox" -SearchQuery 'MagicRainbowUnicorn' -DeleteContent
Test for message
Switch ((Search-Mailbox -Identity "TestMailbox" -SearchQuery 'MagicRainbowUnicorn').count) {
0 { "No Results Found" }
1 { "One Result" }
default { "More than One, or some other strange Result" }
}
I don't have enough reputation to comment, but could you consume Exchange Web Services with C++? I wrote a few programs in C# that use EWS for monitoring mailboxes. I had the ability to view and delete messages from Exchange.
[Edit]
This is a sample of what I used in C#, if you decide to use that instead of C++. Or maybe it'll help steer you in a good direction.
using Microsoft.Exchange.WebServices.Data;
ExchangeService svc = new ExchangeService(ExchangeVersion.Exchange2010);
svc.Credentials = new WebCredentials("user#domain.com", "password");
svc.AutodiscoverUrl("user#domain.com");
// loop through messages in Inbox
foreach (EmailMessage msg in svc.FindItems(WellKnownFolderName.Inbox, new ItemView(int.MaxValue)))
{
// do stuff with message
}
I am new to the wsdl\soapmessage query\reply world( if i can put it in this way), and I am facing some difficulties using the following wsdl( which I really really hope, one will be so kind to look at at least one of the services described there)
http://almdemo.polarion.com/polarion/ws/services/TrackerWebService?wsdl
which was provided to me to develop a matlab webinterface. Right now my matlab code looks like this:
targetNamespace = 'http://ws.polarion.com/TrackerWebService';
method = 'queryWorkItems';
values= {'Query','Sort'}
names = {'query', 'sort'}
types ={'xsd:string','xsd:string'}
message = createSoapMessage( targetNamespace, method, values, names, types)
response = callSoapService('http://almdemo.polarion.com/polarion/ws/services',...
% Service's endpoint
'http://almdemo.polarion.com/polarion/#/workitems',...
% Server method to run
message)
% SOAP message created using createSoapMessage
author = parseSoapResponse(response)
Herewith to save you time I will just enonce my two problems:
Is the code correct?
Could someone tell me if such a wsdl link is just a definition of webservices or it is also a service's endpoint?
Normally to execute manually\per clicks this services on the weppage
http://almdemo.polarion.com/polarion, you have to login!
So how do I send a message in matlab which first log me in? Or must such a service be introduced into that wsdl for me to do it?? Could you be kind enough to write how it must be defined, because I don't really
write wsdl files, but I shall learn!**
I will be really thankful for your help and I wish you a happy week(-end) guys(& girls)!!!
Regards
Chrysmac
ps: I tried to use Soapui and gave that webpage as endpoint, but the toool crashes each time I enter my credentials! Maybe because of the dataload!??
I'm trying to perform a number of password operations on a user within ActiveDirectory from a C++/CLI library (which will in turn be called by another service) using the Kerberos password protocol as in RFC 3244.
I mocked up a sequence in C# (being my preferred language) using LogonUser to impersonate an admin then use the DirectoryServices.AccountManagement namespace to call SetPassword on the user's entry. SetPassword uses three approaches to attempt the change LDAPS, Kerberos and RPC. If I look at the Wireshark trace I can see the Kerberos handshake when the admin is impersonated, then LDAP attempt (which fails due to lack of SSL) then the kerberos password exchange.
Trying to replicate this is C++ LogonUser does not initiate a Kerberos exchange so when SetPassword is called the method falls through to RPC (which succeeds but does not meet our requirement of using Kerberos).
Is there an way I can force the use of Kerberos?
Is there a better solution to interact with the Kerberos password protocol from .net rather than relying on SetPassword?
Minimal code example:
C#
SafeTokenHandle handle;
LogonUser("serviceAccount", "Test", "aPassw0rd", 2, 0, out handle);
WindowsIdentity.Impersonate(handle.DangerousGetHandle());
DirectoryEntry usr = new DirectoryEntry();
usr.Path = "LDAP://"+"dctest.test.com/"+"CN=testuser,CN=Users,DC=test,DC=com";
usr.AuthenticationType = AuthenticationTypes.Sealing | AuthenticationTypes.Secure;
object ret = usr.Invoke("SetPassword", "aPassw0rd");
usr.CommitChanges();
usr.Close();
Console.WriteLine("Completed");
This approach successfully impersonates the service account then performs the setpassword using KPASSWD over 464.
C++/CLI
HANDLE _handle;
LogonUser(L"serviceAccount",L"Test",L"aPassw0rd",LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,&_handle)
ImpersonateLoggedOnUser(_handle);
DirectoryEntry^ usr = gcnew DirectoryEntry();
usr->Path = "LDAP://"+"dctest.test.com/"+"CN=testuser,CN=Users,DC=test,DC=com";
usr->AuthenticationType = AuthenticationTypes::Sealing | AuthenticationTypes::Secure;
Object^ ret = usr->Invoke("SetPassword", "aPassw0rd");
usr->CommitChanges();
usr->Close();
Console::WriteLine("Completed");
This approach impersonates the admin account, then when set password is calls does a kerberos exchange (over 88 so i'm guessing this is auth) but then falls back to using RPC.
If I take the C# code and call it from a C++/CLI wrapper the behaviour changes to that displayed as when the code was in C++.
Finally managed to trace this the other day by running the output back through a reflector.
The project properties for C++/CLI class included setting the character set to unicode. With this set the output uses the LogonUserW method. However if this setting changed to "Not Set" then the LogonUser method is used and the Kerberos authentication path for setPassword behaves as normal.