WhatsApp dissector plugin for Wireshark


Published: February 2013

Here is one of the projects I've been working on lately. It's a plugin for Wireshark which dissects the WhatsApp protocol.

The plugin dissects the packets and analyses the content, showing it in a tree view (like WhatsApp's internal representation). While there's a lot of room for improvement, it just works.

It's important to note that in order to fully dissect the protocol you need the key (aka password) for the particular user as well as the handshake packet. The password and the handshake are used to derive the session key, so without them it's impossible to decrypt the encrypted stream (it seems to me that brute-forcing can be ruled out: it's a 160-bit RC4 stream cipher).
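The following sketch is an added example, not code from the plugin. It shows why a capture needs both the password and the handshake before the RC4 stream can be read. The KDF (PBKDF2-HMAC-SHA1), its iteration count, and all names and sample values are assumptions made for illustration.

```python
import hashlib

def derive_session_key(password: bytes, handshake_nonce: bytes, iterations: int = 16) -> bytes:
    """Derive a 160-bit (20-byte) session key from the password and handshake data.

    ASSUMPTION: PBKDF2-HMAC-SHA1 salted with the handshake nonce; the KDF and the
    iteration count are illustrative, the page does not say how the key is derived.
    """
    return hashlib.pbkdf2_hmac("sha1", password, handshake_nonce, iterations, dklen=20)

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def decrypt_stream(password: bytes, handshake_nonce: bytes, ciphertext: bytes) -> bytes:
    """Decrypt a captured stream; only correct when both inputs match the session."""
    return rc4(derive_session_key(password, handshake_nonce), ciphertext)

# Constructed sample values (not real credentials or captured traffic).
PASSWORD = b"constructed-account-password"
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
PLAINTEXT = b"<message>hello</message>"
CIPHERTEXT = rc4(derive_session_key(PASSWORD, NONCE), PLAINTEXT)

if __name__ == "__main__":
    print(decrypt_stream(PASSWORD, NONCE, CIPHERTEXT))          # both inputs known
    print(decrypt_stream(PASSWORD, b"\x00" * 20, CIPHERTEXT))   # handshake missing
    print(decrypt_stream(b"wrong-guess", NONCE, CIPHERTEXT))    # password missing
```

Only the first call recovers the plaintext; a capture that starts after the handshake, or lacks the password, yields unreadable bytes.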

Wireshark in action with WhatsApp plugin

Sources

The sources are available at https://github.com/davidgfnet/wireshark-whatsapp