How can I follow messages sent over a mobile phone with WhatsApp Messenger in a local wlan?

asked 22 Jan '12, 01:39

Anon

edited 22 Jan '12, 07:55

helloworld


There is an even easier way to follow the conversations: if you use only the filter expression ssl contains F8:03:83:BD:AD, you get the same result.

The structure of WhatsApp-messages looks like this:

Incoming WhatsAppMessage

    00:[LENGTH]:{
      #Header#
      F8:[LENGTH]:{
        #CallingNumber#
        5D:38:FA:
        FC:[LENGTH]:{ASCII}:
        #UserID#
        8A:43:
        FC:[LENGTH]:{ASCII}:
        #MessageID#
        A2:1B:9D:
        FC:[LENGTH]:{ASCII}:
      }
      #Content#
      F8:[LENGTH]:{
        #Name#
        F8:[LENGTH]:{
          65:BD:AE:61:
          FC:[LENGTH]:{ASCII}:
        }
        #Separator ???#
        F8:[LENGTH]:{
          83:BD:AD:
        }
        #MessageText#
        F8:[LENGTH]:{
          16:
          FC:[LENGTH]:{ASCII}:
        }
        #Date (optional)#
        F8:[LENGTH]:{
          25:BD:AB:38:8A:92:
          FC:[LENGTH]:{
            ASCII: ### YYYY-MM-DD
            "T":
            ASCII: ### HH:MM:SS
          }
          5A:66:
        }
        #Date (optional)#
        F8:[LENGTH]:{
          BA:BD:4E:92:
          FC:[LENGTH]:{
            ASCII: ### YYYYMMDD
            "T":
            ASCII: ### HH:MM:SS
          }
        }
      }
    }

Outgoing WhatsAppMessage

    00:[LENGTH]:{
      #Header#
      F8:[LENGTH]:{
        #CallingNumber#
        5D:A2:1B:A0:FA:
        FC:[LENGTH]:{ASCII}:
        #UserID#
        8A:43:
        FC:[LENGTH]:{ASCII}:
      }
      #Content#
      F8:[LENGTH]:{
        #MessageText#
        F8:[LENGTH]:{
          16:
          FC:[LENGTH]:{ASCII}:
        }
        #Separator ???#
        F8:[LENGTH]:{
          83:BD:AD:
        }
        #EndOfMessage ???#
        F8:[LENGTH]:{
          BA:BD:4F:
          F8:[LENGTH]:{
            F8:[LENGTH]:{
              8C
            }
          }
        }
      }
    }


answered 25 Mar '12, 09:08

Anon

edited 26 Mar '12, 05:00

Hello, the above filter isn't working. Maybe due to my Wireshark configuration. I'm using a Mac (OS 10.7.3) in a wireless network (Netgear WNR2000 (WPA2)). Any suggestions on tutorials for setting up Wireshark and configuring the right filters for WhatsApp reading? Thanks, Stan

(23 May '12, 01:19) jojo
-2

Use the filter expression: --- (ssl contains f8:08:5d:a2 and ssl contains f8:02:16:fc) or (ssl contains f8:0a:5d and ssl contains bd:ae:61:fc) --- and you get only the relevant packets.


answered 22 Jan '12, 01:41

Anon

edited 22 Jan '12, 01:41
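
A check for a capture taken from your own test device, added here as an example and not code from either answer: it applies the marker bytes quoted in the two answers to a raw TCP payload and reports any message text that is readable in the clear. It assumes the [LENGTH] after FC is a single byte counting the ASCII bytes; the sample frame, its number, ID and list lengths are constructed.

```python
from typing import List, Optional, Tuple

# Byte markers copied from the filter expressions and structure in the answers.
OUTGOING = (bytes.fromhex("f8085da2"), bytes.fromhex("f80216fc"))
INCOMING = (bytes.fromhex("f80a5d"), bytes.fromhex("bdae61fc"))
TEXT = bytes.fromhex("f80216fc")  # #MessageText#: F8:02:{ 16: FC:[LENGTH]:{ASCII} }

def direction(payload: bytes) -> Optional[str]:
    """Apply the two-marker filters from the second answer to one TCP payload."""
    if all(m in payload for m in OUTGOING):
        return "outgoing"
    if all(m in payload for m in INCOMING):
        return "incoming"
    return None

def cleartext_bodies(payload: bytes) -> List[Tuple[int, str]]:
    """Return (offset, text) for each readable FC string after the text marker.

    Assumption: the [LENGTH] after FC is one byte counting the ASCII bytes.
    Truncated or non-printable candidates are dropped, because the 4-byte
    marker can also occur by chance inside genuinely encrypted records.
    """
    found, pos = [], payload.find(TEXT)
    while pos != -1:
        start = pos + len(TEXT) + 1          # first byte after the length byte
        if start <= len(payload):
            n = payload[start - 1]
            body = payload[start:start + n]
            if n and len(body) == n and body.isascii() \
                    and body.decode("ascii").isprintable():
                found.append((pos, body.decode("ascii")))
        pos = payload.find(TEXT, pos + 1)
    return found

def fc(s: bytes) -> bytes:
    """Encode FC:[LENGTH]:{ASCII} under the one-byte length assumption."""
    return b"\xfc" + bytes([len(s)]) + s

# Constructed outgoing frame following the layout in the first answer.
HEADER = (bytes.fromhex("f8085da21ba0fa") + fc(b"15550100")
          + bytes.fromhex("8a43") + fc(b"1327-1"))
CONTENT = (bytes.fromhex("f803") + TEXT + bytes([11]) + b"hello world"
           + bytes.fromhex("f80383bdad") + bytes.fromhex("f803babd4ff801f8018c"))
SAMPLE = b"\x00" + bytes([len(HEADER + CONTENT)]) + HEADER + CONTENT
TRUNCATED = SAMPLE[:SAMPLE.index(b"hello") + 3]   # capture cut mid-message

if __name__ == "__main__":
    print(direction(SAMPLE), cleartext_bodies(SAMPLE))
```

An empty result from `cleartext_bodies` on traffic where `direction` still matches means the markers were present but no complete printable body followed, as in the truncated sample.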

Asked: 22 Jan '12, 01:39

Seen: 45,485 times

Last updated: 23 May '12, 01:24
