4

I am trying to capture WhatsApp network requests and not able to do it using Fiddler.

This is what I did:

  1. Installed Fiddler.
  2. Exported Root certificate and installed on my Android device.
  3. I modified my network proxy in Android device.
  4. It is working fine for HTTP and HTTPS connections, not sure about what WhatsApp API is using.

I am able to capture and decrypt HTTPS data from other applications like Gmail.

Varun Kakumani
  • 43
  • 1
  • 4

2 Answers2

4

According to the paper "WhatsApp network forensics: Decrypting and understanding the WhatsApp call signaling messages" from 2015 WhatsApp does not use HTTP(S) but:

WhatsApp uses the FunXMPP protocol for message exchange which is a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP)

Which means that you will not be able to intercept the traffic with Fiddler. Read the paper for more details about the protocols, the encryption used and how you could intercept and decrypt the data.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
0

You do not need to export the Fiddler root certificate. I recommend you to install the Fiddler Addon called: "CertMaker for iOS and Android" which can be found here as there are apparently issues with the default interception certificates.

Quote:

iOS devices and Android devices may not work with the default HTTPS interception certificates used by Fiddler. To resolve this incompatibility, you may install a Certificate Generating plugin that generates interception certificates compatible with those platforms.

Hope this helps.

Jeroen
  • 5,783
  • 2
  • 18
  • 26