ammartiger avatar

@ammartiger

in /hacking 2 days ago

Signup / Login

Locating WhatsApp User IP address

Ever wondered if you can pull someone’s real IP from a WhatsApp voice/video call? Turns out yes — but only if they actually pick up the call (peer-to-peer STUN negotiation leaks it in many cases).

This is a classic network sniffing technique. WhatsApp calls often try direct P2P for low latency, exposing public IPs via STUN packets unless the caller has “Protect IP address in calls” enabled in settings (it’s off by default for many).

Here’s the step-by-step (tested conceptually, works as of recent checks):

1.  Install Wireshark → Free packet sniffer: https://www.wireshark.org/

2.  Note your own PC’s IP (cmd: ipconfig or Settings → Network). This helps you spot your traffic vs theirs.

3.  Launch Wireshark → Select your active network interface (Wi-Fi/Ethernet), start capture.

4.  Apply a filter → In the filter bar, type: stun (or more precise: stun && ip.src != your_own_ip to exclude your side). Hit Enter.

5.  Make/Receive the WhatsApp call → Use WhatsApp Desktop or phone (Desktop easier for capture). Let the other person answer the call.

6.  Spot the STUN traffic → Look for STUN Binding Requests/Responses (UDP packets usually). In the packet details:

•  You’ll see Mapped-Address or XOR-Mapped-Address attributes.

•  The IP that’s not yours (and not WhatsApp servers) is likely the caller’s public IP.

7.  Verify & geolocate → Plug the IP into a lookup site (ipinfo.io, whatismyipaddress.com, etc.) for rough location/ISP.

Key caveats (important!):

•  Only works on answered calls — unanswered = no P2P setup.

•  Many users now have IP protection on → forces relay through WhatsApp servers (hides real IP).

•  VPNs/Tor on their end mask it.

•  Mobile data vs Wi-Fi can differ.

•  This is for awareness — scammers use this too, so protect yourself!

Full guide + more WhatsApp OSINT tips (username checks, profile analysis, etc.) here:

https://osint.cavementech.com/social-media/whatsapp

What’s your experience? Does this still work reliably in 2026, or has Meta patched/relayed more calls? Drop tips/filters below — let’s discuss! (Always ethical hacking only.)

Stay sharp & stay legal! 🔍

Whatsapp | OSINT - Featured Image

Whatsapp | OSINT

osint.cavementech.com - faviconosint.cavementech.com
2Score: 2

0 Comments