Benild Joseph
Benild Joseph

White Hat Hacker

Security Researcher

Author & Podcaster

TEDx Speaker

Benild Joseph
Benild Joseph

White Hat Hacker

Security Researcher

Author & Podcaster

TEDx Speaker

Checklist Contact Me

Blog Post

WhatsApp Proxy Server on AWS

January 11, 2023 AWS, WhatsApp by Benild Joseph
WhatsApp Proxy Server on AWS

How to set up your personal WhatsApp proxy server on AWS 👇

On Jan 5th, 2023, WhatsApp announced launching proxy support for WhatsApp users all over the world (https://blog.whatsapp.com/connecting-to-whatsapp-by-proxy). This feature is helping people to get connected via this app, especially in areas where the app is filtered by governments or other authorities.

To help people to use this feature, I personally (no affiliation with Meta or WhatsApp developers) tried to build a WhatsApp proxy server on the AWS cloud.

NOTE: This article is supposed to be a simple tutorial, not a comprehensive solution. Some modification might be necessary based on different countries filtering system to bypass it.

Since we are going to use AWS cloud services for setting up our server, we need an AWS account. AWS offers free trials/tiers to new users and you can take advantage of this opportunity.

NOTE: If you are not eligible for free tier services, you should expect that setting up a server using this tutorial costs you. It is your responsibility to understand the cost associated with setting up a proxy server using this approach.

There are many articles on the internet on how to sign up for an AWS account. This tutorial assumes that you already have an AWS account and you understand the costs associated with services used in this tutorial.

NOTE: This instruction is written for Linux and Unix-based systems. If you are working from a Windows system, some changes are needed. I tried to mention them briefly.

Creating a VPC

Login to your AWS Console: https://aws.amazon.com/

First, we need to set up a VPC or Virtual Private Network for our proxy server. In your AWS console (https://console.aws.amazon.com/), search for VPC in the search bar (at the top of the page) and click on VPC.

In your VPC dashboard, click on Create VPC button.

Here we are creating an elementary VPC network with 1 availability zone and 1 public subnet. The following screenshot shows the VPC settings for our simple VPC.

Click on Create VPC. After a few seconds. Your VPC is ready. Now it is time to instantiate your EC2 server.

Launching an EC2 Instance

Go back to your AWS console (https://console.aws.amazon.com/). Search for EC2.

First, you need a key pair. In your EC2 dashboard, from the left menu, under Network & Security, click on Key Pairs.

On the new page, give your Key pair a name and click on Create key pair.

NOTE: If you are using Windows OS, you might need to choose .ppk as your key format. Later, you can use your ppk key via PuTTY to log into your AWS EC2 machine.

A new .ppk file (Proxy-Server-A-Key.pem) should be downloaded automatically on your computer. Keep this key in a secure place and never share it with anyone. On my computer, I created a folder called “aws_proxy_server” and I saved the file in the folder. We need this key to access our EC2 machine later.

NOTE: Never ever share your key pair with anyone. This is the key to your VPC server and it is important to keep it in a secure and safe place.

Now that you have your new Key Pair, let’s launch a new EC2 instance.

From the left menu, click on EC2 Dashboard. Then click on the Launch Instance button. Use the following values for setting up your EC2.

You can choose a more powerful instance type, but just remember that the other types are not Free tier eligible (if you are still eligible for Free Tier usage).

For the Key Pair section, remember to select the Key Pair that you just created.

For the Network settings, we need to edit it. Replace the VPC parameter with the VPC that you created. Make sure to also choose your created public subnet for the Subnet parameter. The other Network settings are shown here.

Later, we need to edit our security group inbound rules to accept more ports.

For now, click on Launch instance and wait for a few minutes until your new EC2 machine is running.

So far, the only port that is open on our EC2 system is the SSH port (port 22). We need to open up a few other ports to let users connect to our proxy server and use it.

From the left menu of the EC2 page, under Network & Security, click on Security Groups.

Find “Proxy-Server-A-sg” and click on it. Under the Inbound rules tab, click on Edit inbound rules button. Add the following rules to your Security Group inbound rules.

Saves rules.

Installing WhatsApp Proxy on EC2

So far, we have launched an EC2 system that is acting as our proxy server. But we need to install the necessary software and packages to fully deploy our WhatsApp proxy service. I am following mostly the instruction on the official WhatsApp GitHub page, https://github.com/WhatsApp/proxy/, with a few twists regarding the AWS Linux system.

First, we need to connect to our EC2 machine via ssh. From the left menu of the EC2 dashboard page, select Instances. Check the box next to your instance (I named it Proxy-Server-A). From the bottom of the page, write down your EC2 Public IPv4 address. You need it later when you try to log in to your proxy server from your phone.

Then, on top of the page, click on Connect button. Select the SSH Client tab. Here, you see comprehensive instructions on how to connect to your new EC2 machine.

NOTE: As mentioned, this tutorial is written for Unix-based systems like Linux. If you are using Windows OS, you might need to use applications like PuTTY to connect to your EC2 server. Many articles and tutorials have been published on how to connect to an EC2 machine via PuTTY or similar software.

Open a terminal on your local computer and go to the folder where you saved your Key Pair. First, you need to make sure that your key is not publicly viewable.

chmod 400 Proxy-Server-Key-Pair.pem

Now, you should be able to connect to your EC2 machine via:

ssh -i "Proxy-Server-A-Key.pem" ec2-user@YOUR-EC2-ADDRESS

Note that in the command above, your must replace @YOUR-EC2-ADDRESS with your AWS EC2 address (again you can find the exact bash command under Connect instruction).

At this point, you have successfully connected to your EC2 machine and you are able to run bash commands on it.

First, let’s switch to superuser mode.

sudo su

Then, we need to install git.

yum update -y

yum install git -y

Now, we need to clone the WhatsApp Proxy repository from GitHub.

git clone https://github.com/WhatsApp/proxy.git

It creates a folder, called “proxy”, in your current directory. For example, for me, the created folder is at /home/ec2-user/proxy

Now, we need to install Docker on our EC2 machine.

yum install docker

Answer “yes” (simply “y”) to all questions. After the installation is completed, check if Docker is installed properly via:

docker version

It must return some information about your installed Docker version. For me, the installed version is 20.10.17.

We need to install Docker Compose too. Here are the command lines that do it for us.

# Download the pkg
sudo curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/bin/docker-compose
# Enable execution of the script
sudo chmod +x /usr/bin/docker-compose

Let’s check if Docker Compose is installed properly too.

docker-compose version

It must return some information about the installed Docker Compose version. For me, the installed version is v2.15.0.

Now, we need to start the Docker daemon.

service docker start

Now, we are almost ready to run our WhatsApp proxy container. Let’s first give it a test.

docker-compose -f /home/ec2-user/proxy/proxy/ops/docker-compose.yml up

It must build the container image and run a container on Docker. If everything went successfully, you can stop it by CTRL+C.

Now, we can run the container as a service (by adding the -d flag).

docker-compose -f /home/ec2-user/proxy/proxy/ops/docker-compose.yml up -d

It must show:

[+] Running 1/1
  Container whatsapp_proxy Started

Testing the Proxy Server on WhatsApp

Now, it is time to connect to your WhatsApp proxy server from your WhatsApp app.

Open WhatsApp on your phone. Go to Settings >> Storage & Data >> Proxy

Here, turn on Use Proxy and enter your EC2 Public IPv4 address (you wrote it down in one of the previous steps), and use port 5222. For example, mine is like this:

200.21.65.130:5222

Hit Save and if everything is done correctly, you must see a green-colored “Connected” on your page.

If port 5222 is not working, try ports 80, 8080, 443, 8222, or 8443.

Close and enjoy your personal WhatsApp proxy.

A Reminder

An EC2 machine might have associated costs. Please remember to terminate or stop your EC2 machine if you are not going to use it anymore.

Again, based on different filtering systems, one, a few, or none of these ports might work.

Taggs: