Forum Thread: [Help] Sniff BBM, WhatsApp, or Facebook Messages

Hello guys, Any way to do it please?

Thanks in forward <3

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

18 Responses

Perhaps you could be a bit more clear. What are you sniffing for? What goal do you have in mind?

I want to view chats and stuff

Now that facebook has changed its connection method to https its not really just a 2 second job.

what about BBM? or WhatsApp? on iPhone or android..

Never had a play with either so couldn't really comment sorry. Best bet is to install them on a phone you have control of, use them, sniff the packets they are sending and then work out where to go from there

If they're on a WiFi network, have you thought of using an Evil Twin AP attack?

How about a Man in the Middle attack?

What about building a javascript trojan and then sending the victim to a fake website using social engineering?

Do a bit of research before you blatantly ask us to do it for you.


you said man in the middle attack... this isnt going to work with those kind of messengers...

and can I build javascript trojan for iphone? ios 7.1.1?

I dont think so...

Any suggestions?

Oh phones, sorry. Thought you were talking computers. My mistake.


Ahmed, did you have any luck sniffing the packets via Wifi?

I'm actually quite keen to see how this goes and invest some time in helping (I'm currently playing (and succeeding with scary ease) with sniffing GSM packets so fits in well) so let me know where you're at.

Ahmed, again you are giving me some work :) .

Victim using same wifi as you:

Just use wireshark and sniff some traffic from his/her phone and check the payload for messages(Might be encoded = Bad).

Victim not in same wifi:

You could use some old school social engineering skills and get she/he to visit your malicious link to download a file(payload), and you can figure out the rest. OR just send a file(payload) with your phone and tell it's a somekind of app of interest for your victim(More legit).If you got skills, you could change your MAC address of your phone and login as someone else in whatsapp and let messages to come for you.

Btw,Use your imagination and try to find an security hole/bug in bbm or whatsapp and use it to do something great!
P.S:Just let go the facebook idea... Facebook is the mastermind of security nowadays.

I wouldn't go so far with your facebook praise. You COULD still use the 0auth flaw if you really wanted, but its implementation is difficult and it still requires social engineering, AND a knowlege of coding for android/IOS neither of which are 2 seconds to learn. Unless of course you happen to be a skilled Java programmer to begin with, then android would be fairly easy

Plus, I'm not 100% but I'm fairly confident, Whatsapp would use the users IMEI number to check the receiver, not MAC. A different kettle of fish entirely to change. (read, very F*KING difficult)

Kid,You are being offensive ?
Whatsapp is using a Mac address for verification.
Android language takes minimum 24h to learn, 12h if you already know Java.
btw,0ath flaw is "pain in the ass" method.
And yes, your writing is so bad, It is really fucking hard to read your text.

... I'm actually unsure how to respond to this. The sheer level of both ignorance and arrogance in your post, is enough to give anyone unfortunate enough to read it a headache.

Whatsapp uses MAC on IOS and a reversed form of IMEI number (run through MD5) on android (here is a whole page of citations

I believe in your response you mean to say a MAXIMUM of 24 hours to learn (which is bullshit, Java alone takes more than 24 hours of coding to become proficient), otherwise your just agreeing with me that its not a 2 second job.

I've stated in my post that 0auth is a pain in the ass, not quite so eloquently "btw" so I'm not sure why the fuck you have used quotation marks.

Also please don't call me on my grammar again, the fact that english is your second language is so painfully obvious in most of your posts it's actually painful, yet I don't point it out as I much prefer it when we all get along in happy harmony.

Now kindly go fuck yourself and have a nice day, fucking asshat.

Yea, It's really though when your dad beats you all day.
I leave this here because I am not going to speak with kids.


There is no need to go off like that; we're all like-minded individuals. How about a bit of unity here?


You found a way to sniff on it? Thanks

Share Your Thoughts

  • Hot
  • Active