Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@wppconnect/server
Advanced tools
Projeto feito para autenticar a automomacao do WhatsappWeb com multi-clientes de forma dinamica. Backend feito em Nodejs(express, socketio), FrontEnd (ReactJS)
Welcome to the WPPConnect Server repository, developed by the WPPConnect Team. Our mission is to provide a robust and ready-to-use API for seamless communication with WhatsApp. The server is designed to streamline the process of sending and receiving messages, managing contacts, creating groups, and much more, all while leveraging the power of JavaScript ES6, NodeJS, and a RESTful architecture.
Connect with us across various platforms to stay updated and engage in discussions:
Detailed documentation and guides are available for your convenience:
Multiple Sessions | ✔ |
Send text, image, video and docs | ✔ |
Get contacts list | ✔ |
Manage products | ✔ |
Receive/Send messages | ✔ |
Open/Close Session | ✔ |
Change Profile/Username | ✔ |
Create Group | ✔ |
Join Group by Invite Code | ✔ |
Webhook | ✔ |
Install the dependencies and start the server.
yarn install
//or
npm install
sudo apt-get install -y libxshmfence-dev libgbm-dev wget unzip fontconfig locales gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils libvips-dev
wget -c https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt-get update
sudo apt-get install libappindicator1
sudo dpkg -i google-chrome-stable_current_amd64.deb
If you encounter installation issues, please try the procedures below . Error Sharp Runtime
yarn add sharp
npm install --include=optional sharp
//or
yarn add sharp --ignore-engines
yarn dev
yarn build
This server use config.ts file to define some options, default values are:
{
/* secret key to genereta access token */
secretKey: 'THISISMYSECURETOKEN',
host: 'http://localhost',
port: '21465',
// Device name for show on whatsapp device
deviceName: 'WppConnect',
poweredBy: 'WPPConnect-Server',
// starts all sessions when starting the server.
startAllSession: true,
tokenStoreType: 'file',
// sets the maximum global listeners. 0 = infinity.
maxListeners: 15,
// create userDataDir for each puppeteer instance for working with Multi Device
customUserDataDir: './userDataDir/',
webhook: {
// set default webhook
url: null,
// automatically downloads files to upload to the webhook
autoDownload: true,
// enable upload to s3
uploadS3: false,
// set default bucket name on aws s3
awsBucketName: null,
//marks messages as read when the webhook returns ok
readMessage: true,
//sends all unread messages to the webhook when the server starts
allUnreadOnStart: false,
// send all events of message status (read, sended, etc)
listenAcks: true,
// send all events of contacts online or offline for webook and socket
onPresenceChanged: true,
// send all events of groups participants changed for webook and socket
onParticipantsChanged: true,
// send all events of reacted messages for webook and socket
onReactionMessage: true,
// send all events of poll messages for webook and socket
onPollResponse: true,
// send all events of revoked messages for webook and socket
onRevokedMessage: true,
// send all events of labels for webook and socket
onLabelUpdated: true,
// 'event', 'from' ou 'type' to ignore and not send to webhook
ignore: [],
},
websocket: {
// Just leave one active, here or on webhook.autoDownload
autoDownload: false,
// Just leave one active, here or on webhook.uploadS3, to avoid duplication in S3
uploadS3: false,
},
// send data to chatwoot
chatwoot: {
sendQrCode: true,
sendStatus: true,
},
//functionality that archives conversations, runs when the server starts
archive: {
enable: false,
//maximum interval between filings.
waitTime: 10,
daysToArchive: 45,
},
log: {
level: 'silly', // Before open a issue, change level to silly and retry a action
logger: ['console', 'file'],
},
// create options for using on wppconnect-lib
createOptions: {
browserArgs: [
'--disable-web-security',
'--no-sandbox',
'--disable-web-security',
'--aggressive-cache-discard',
'--disable-cache',
'--disable-application-cache',
'--disable-offline-load-stale-cache',
'--disk-cache-size=0',
'--disable-background-networking',
'--disable-default-apps',
'--disable-extensions',
'--disable-sync',
'--disable-translate',
'--hide-scrollbars',
'--metrics-recording-only',
'--mute-audio',
'--no-first-run',
'--safebrowsing-disable-auto-update',
'--ignore-certificate-errors',
'--ignore-ssl-errors',
'--ignore-certificate-errors-spki-list',
'--disable-features=LeakyPeeker' // Disable the browser's sleep mode when idle, preventing the browser from going into sleep mode, this is useful for WhatsApp not to be in economy mode in the background, avoiding possible crashes
],
},
mapper: {
enable: false,
prefix: 'tagone-',
},
// Configurations for connect with database
db: {
mongodbDatabase: 'tokens',
mongodbCollection: '',
mongodbUser: '',
mongodbPassword: '',
mongodbHost: '',
mongoIsRemote: true,
mongoURLRemote: '',
mongodbPort: 27017,
redisHost: 'localhost',
redisPort: 6379,
redisPassword: '',
redisDb: 0,
redisPrefix: 'docker',
},
// Your configurations yo upload on AWS
aws_s3: {
region: 'sa-east-1',
access_key_id: '',
secret_key: '',
// If you already have a bucket created that will be used. Will bestored: you-default-bucket/{session}/{filename}
defaultBucketName: ''
},
}
Your secretKey
is inside the config.ts
file. You must change the default value to one that only you know.
To generate an access token, you must use your SECRET_KEY
.
Using the route:
curl -X POST --location "http://localhost:21465/api/mySession/THISISMYSECURETOKEN/generate-token"
{
"status": "Success",
"session": "mySession",
"token": "$2b$10$duQ5YYV6fojn5qFiFv.aEuY32_SnHgcmxdfxohnjG4EHJ5_Z6QWhe",
"full": "wppconnect:$2b$10$duQ5YYV6fojn5qFiFv.aEuY32_SnHgcmxdfxohnjG4EHJ5_Z6QWhe"
}
Save the value of the "full" response. Then use this value to call the routes.
#Starting Session
# /api/:session/start-session
curl -X POST --location "http://localhost:21465/api/mySession/start-session" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer \$2b\$10\$JcHd97xHN6ErBuiLd7Yu4.r6McvOvEZZDQTQwev2MRK_zQObUZZ9C"
#Get QrCode
# /api/:session/start-session
# when the session is starting if the method is called again it will return the base64 qrCode
curl -X POST --location "http://localhost:21465/api/mySession/start-session" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer \$2b\$10\$JcHd97xHN6ErBuiLd7Yu4.r6McvOvEZZDQTQwev2MRK_zQObUZZ9C"
#Send Message
# /api/:session/send-message
curl -X POST --location "http://localhost:21465/api/mySession/send-message" \
-H "Content-Type: application/json; charset=utf-8" \
-H "Accept: application/json" \
-H "Authorization: Bearer \$2b\$10\$8aQFQxnWREtBEMZK_iHMe.u7NeoNkjL7s6NYai_83Pb31Ycss6Igm" \
-d "{
\"phone\": \"5511900000000\",
\"message\": \"*Abner* Rodrigues\"
}"
See the routes file
for all the routes. here and HTTP file.
Swagger ui can be found at /api-docs
FAQs
Projeto feito para autenticar a automomacao do WhatsappWeb com multi-clientes de forma dinamica. Backend feito em Nodejs(express, socketio), FrontEnd (ReactJS)
The npm package @wppconnect/server receives a total of 21 weekly downloads. As such, @wppconnect/server popularity was classified as not popular.
We found that @wppconnect/server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.