Tags: network-programming, ssl, reverse-engineering, wireshark, whatsapp

WhatsApp: sniffing SSL traffic with Wireshark


I've been reading a lot about sniffing WhatsApp traffic and I already know it is over SSL. But I need to know if there is any way to decrypt this SSL traffic, since I don't know the private key that WhatsApp is using for encrypting.

So how could I discover which certificate is being used, or whether there is another way to decrypt those messages?

I don't want to read anybody's chats; my intention is really to see the protocol messages going through the network, to understand them, reverse engineer the protocol and build a simple Java API for personal job purposes.

I'm using Wireshark to read the SSL traffic.

[Image: screenshot of a capture of a WhatsApp chat]


Solution

  • You can try a man-in-the-middle attack using proxy software that can generate a fake SSL cert, but it won't always work. Some of these apps use certificate pinning to prevent exactly this type of attack.

    HTTP proxy:
    http://fiddler2.com/get-fiddler
    This software generates an obviously fake cert that you are able to accept if the app will allow it.

    Certificate Pinning:
    https://security.stackexchange.com/questions/29988/what-is-certificate-pinning
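An added example, not part of the original answer: a minimal client-side certificate pin check in Python, showing why a proxy-generated certificate is rejected even when the operating system has been told to trust the proxy's root. The host name, the sample "certificates" (constructed byte strings standing in for DER data) and the function names are assumptions made for illustration; real apps often pin the public-key hash instead of the whole certificate so that certificate renewals do not break the pin.

```python
import hashlib
import hmac
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """Return the SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set) -> bool:
    """True if the certificate's fingerprint is one of the pinned values."""
    fp = cert_pin(der_cert)
    return any(hmac.compare_digest(fp, p.lower()) for p in pinned)


def connect_pinned(host: str, port: int, pinned: set, timeout: float = 10.0):
    """Open a TLS connection and keep it only if the leaf certificate is pinned.

    Normal CA and host name validation still runs first; the pin is an
    additional check, so a certificate issued by a locally trusted proxy
    root passes validation but fails here.
    """
    ctx = ssl.create_default_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch")
    return tls


# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_CERT = b"constructed-der: CN=chat.example.test, issuer=Real CA"
PROXY_CERT = b"constructed-der: CN=chat.example.test, issuer=Proxy Root"
PINS = {cert_pin(GENUINE_CERT)}  # shipped inside the app at build time


def demo():
    """Same host name in both certificates; only the genuine one is accepted."""
    return pin_matches(GENUINE_CERT, PINS), pin_matches(PROXY_CERT, PINS)
```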