Multiple Vulneribilities found in Whatsapp Web

Few days back whatsapp released its web client which is called as WhatsappWeb and as soon as it was released everyone was curoious to know if there exist some kind of bug in it. Even i was curious to know . So i tried a few thing and i got two bugs on it. And to my surprise my findings went viral. It got covered in almost by all the popular newspaper, online news portal. Few of them are : International Business Times , The Hacker News , The Assam Tribune , Infosecurity Magazine , etc. Even the popular British security analyst Graham Cluley  shared his valuable opinions about my findings in his blog.

So here are the two bugs that i discovered in the new WhatsappWeb.

Whatsapp photo privacy bug

Whatsapp gives us the option to hide our profile picture from others. Whatsapp offers 3 options a. everyone b. contacts c. nobody. If we set privacy to contacts only then only the people who are in our contact list can view our profile picture. But The new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to "Contacts Only," the profile picture can be viewed by out of contacts people as well.

Here is the video demonstration :

As  Graham Cluley said in his blog , it’s not the most serious privacy breach that has ever occurred. But the fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.

WhatsApp Web Photo Sync Bug

Two weeks back when whatsapp released its web client called whatsappWeb they said that all the messages will be synced. Means if we send a message from our phone it will appear on the whatsappweb too and if we send a message from whatsappweb the message will appear in our mobile too. Now if we delete a message from mobile then the chats get refreshed in whatsappweb and the message that was deletes in the mobile gets deleted. But the same does not happen with photos. If we send a photo from our mobile it appears in our whatsappweb too and then when we delete the photo from our mobile , the photo appears blurred in our mobile as it is deleted but the same does not happen in whatsappweb. It does not get refreshed like the other time it did when user deletes a text. The photo is still accessible by Whatsapp Web as the photo does not get deleted from its web client, revealing the fact that mobile and web clients of the service are not synced properly.

Here is the video demonstration :

I have reported both the bugs to the whatsapp security team and they are now working on it. Since the WhatsappWeb is now in its initial stage so I suppose things are not well arranged but I hope in the coming days whatsapp patch its bugs and give us a secure and awesome messaging platform.

WhatsApp Web - WhatsApp launches its web client, but not for iOS users

A long-desired feature for fans, WhatsApp is now available on the browser — but not any browser. For now, Chrome is the only browser supported, and you’ll need the app to log-in. With a scan of the QR code, you can start chatting on the desktop, and leave your phone on the desk next to you. Unless you’re on iOS — the desktop doesn’t support that, either.

To get started chatting via WhatsApp on the desktop, head into your app on Android, Windows Phone, or BlackBerry. You’ll see a “WhatsApp Web” screen, which is where you scan the QR code on WhatsApp’s web portal.

The scan links the browser experience with your app. WhatsApp also says your phone needs to stay connected to the Internet for it to work, which means turning your phone off or slipping it into Airplane Mode could disable your browser session.

Apple users may not see a WhatsApp version, either. According to WhatsApp CEO Jan Koum, Apple’s “platform limitations” currently prevent the desktop version from being available to iOS users, and could even be why Safari is left hanging.

Your Hidden Facebook Photos Aren’t So Hidden

PictureMate ( initially picturebook)  is an extension for Google Chrome that lets you view hidden photos of your “friends” and your “friends” yours. Indeed, to the extent you can see the pictures of people who have not even added as friends on facebook. It means Users don’t have to be friends for PictureMate to work; you just install it and click when you’re looking at someone’s profile.

According to report PictureMate is rolled out as a Chrome extension on Monday. It’s the effort of Steven Goh, the developer behind the Javelin Browser for Android. The extension promises to “unblock and search for hidden pictures of anyone in Facebook.”

Say a friend tags you in an embarrassing photo. You can make it go away by selecting “hide from my timeline.” But this only stops people from viewing the photo within your timeline; it doesn’t in fact remove or block the photo in any way. If the photo’s privacy setting was set to “public”, anyone could have found it anyway.

Other users will still be able to see the photo by visiting your friend’s timeline, or simply by searching for it. PictureMate takes benefit of this loophole and surfaces photos you’ve been tagged in, in spite of of whether you’ve hidden them.

How to fix it:

  •  The only way to really hide your hidden photos from this tool is by untagging yourself. First, select “hidden from timeline” from the drop down menu under the photo’s date.
  • From there, select “Report/remove tag” from the popup window that appears
  • Then select “remove tag.”

This removes the tag, which will stop photos from showing on your timeline, or on the Picturebook extension.

5 Useful Google Chrome Apps

One of the reason why Google chrome is so popular isits mind blowing Apps which makes our task much easier. In this post we will share 5 usefull Google Chrome Apps that you will surely find very useful.

1. Buffer - With Buffer, you can share links and photos on multiple social media websites in one go. You can post stuff to Twitter, LinkedIn, Facebook, and Google Plus pages.Buffer not only makes it easy for you to post content, it also help you track the performance of your shared links.

2. Mighty Text - MightyText lets you send and received SMS text messages directly from Gmail or Facebook on your computer. All you need to do is install the Mighty Text app on your Android phone. Mighty Text offers a chat style widget inside Gmail and here you can read through your existing text messages or write new

3. Clipular - Clipular is a wonderful screen clipper for the web – you press Alt twice and capture anything on the current web page. Once a screenshot is captured, the image is automatically uploaded to your private Clipular dashboard along with the title and source link of the current page.

4. Disconnect Me - Online advertisers and Internet companies are tracking your activity on the Internet, not for the purpose of snooping but for serving you more personalized search results and more targeted advertising.Disconnect Me is a simple Chrome add-on that will automatically block advertising companies, analytics services and search engines from tracking you online. There’s no configuration required and as soon as you install the add-on, the tracking is suspended.

5. Web Timer - Web Timer is a Chrome extension that will help you keep track of how you’re using your time online. It tracks what websites you are visiting and how many minutes you spend looking at each of them. There’s some intelligence built in for more accurate data. The background timer is only activated when Google Chrome is in focus and your computer isn’t left in an idle state for more than 30 seconds.

Create your own Browser in a few clicks

Hello everyone today I am going to share a nice website with you which will help you make your on custom made browser in a few clicks for free. gives you the platform to create your own personalized browser. You can personalize it as per your own needs. It is very easy and simple to create your own personalized browser with MakeMyBrowser.comvery free of cost.

Security Measures in Internet Cafe

Most of us visit Internet cafes often as it is often faster than our home internet connection so we often go for downloading HD videos , Songs etc, also many people go to internet cafe for official purposes. There they transfer money from their bank accounts, Check mails and do different activities. Here the question arises that is Internet cafes safe? Well sadly the answer is no. Most of the cafes are infected.

You sit down, struggle with the broken keyboard in an internet cafe to email a few friends, pay and leave. And after few days when you try to sign in you see that someone changed your password !

Fake your Geolocation Location in Google Chrome

Now a days there are many websites which use your location to show more relevant information to you like for example if you visit gogle maps they will ask your Geo location to show you the maps.So in that case Your browser will show you a message like allow geo location or deny and it depends on the user what they prefers to do.

Now actually how they determine your location?

URL redirection Vulnerability in Google

URL redirection Vulnerability in Google

An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.

A similar vulnerability is reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.

How to like stories on your wall in facebook at one click

Do you know? you can like all stories on your wall at one click in facebook. I know its foolish to like all the stories without knowing what they are. But many people do it for fun. And i saw many people who really like all the stories which they see on the wall.
But assume how much time it will take to go on each story and like it. It will take time and effort. 
But I have a nice tool which can save your time and effort both. If you have Google chrome web browser, you can do it at a click. If you do not have Google chrome Browser, you can download it a click.

Force Google Chrome to remember your passwords

Force Google Chrome to remember your passwords

If you want Google chrome to remember your password for each website you use daily, most of the times chrome asks for that. But in some cases it doesn't ask for save passwords. 
If you want your chrome to remember all passwords, you can choose an addon of chrome Autocomplete= on

Add this to your chrome

You can also do this by given trick