WhatsApp dissector for Wireshark


Here is one of the projects I've been working on lately. It's a plugin for Wireshark which dissects the WhatsApp protocol.

The plugin dissects the packets and analyses the content, showing it in a tree view (like WA's internal representation). While there's a lot of room for improvement, it just works.

It's important to say that in order to fully dissect the protocol you need the key (aka password) for the particular used as well as the handshake packet. The password and the handshake are used to derive the session key, so without them it's impossible to decrypt the encrypted stream (it seems to me that brute-forcing can be discarded: it's a 160-bit RC4 stream cipher).
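Why the dissector needs both inputs, as an added sketch that is not the plugin's own code: the page only says that the password and the handshake derive a 160-bit RC4 session key, so the PBKDF2-HMAC-SHA1 derivation, the iteration count, and every name and sample value below are assumptions made for illustration.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: XOR data with the keystream (encrypt and decrypt are identical)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def derive_session_key(password: bytes, handshake_nonce: bytes) -> bytes:
    # ASSUMPTION: PBKDF2-HMAC-SHA1, handshake nonce as salt, 16 iterations.
    # The only detail taken from the page is the 160-bit (20-byte) key size.
    return hashlib.pbkdf2_hmac("sha1", password, handshake_nonce, 16, dklen=20)

def decrypt_stream(password: bytes, handshake_nonce: bytes, ciphertext: bytes) -> bytes:
    """What a dissector has to do before it can parse the payload as a tree."""
    return rc4(derive_session_key(password, handshake_nonce), ciphertext)

# Constructed sample values (not real credentials or captured traffic).
PASSWORD = b"constructed-account-password"
CAPTURED_NONCE = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
PLAINTEXT = b"<message to='peer'>hello</message>"
CIPHERTEXT = rc4(derive_session_key(PASSWORD, CAPTURED_NONCE), PLAINTEXT)

if __name__ == "__main__":
    # Password plus the handshake from the same session: the stream decodes.
    print(decrypt_stream(PASSWORD, CAPTURED_NONCE, CIPHERTEXT))
    # Right password, but the handshake packet was missed (nonce unknown):
    # a different key is derived and the output is unparseable noise.
    print(decrypt_stream(PASSWORD, bytes(20), CIPHERTEXT))
```

In practice this means the capture has to start before the session is established: a trace that begins mid-stream cannot be dissected even with the correct password.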

 

Figure: Wireshark in action with the WhatsApp plugin

 

Sources

The sources are available at https://github.com/davidgfnet/wireshark-whatsapp

Binaries

Linux binaries can be found at Launchpad: https://launchpad.net/~wireshark-whatsapp/+archive/ubuntu/ppa

Windows binaries for 32-bit Wireshark can be found here: https://www.gosell.it/product/whatsapp-dissector-for-wireshark-26