Message encryption between a proxy server and WhatsApp servers
@slawlor
When we specify port 443 in the proxy setting, does it use SSL, or are messages exchanged unencrypted?
If I do curl http://PROXY_IP:443, I get a response from the proxy, meaning the messages are exchanged unencrypted.
If I do curl https://PROXY_IP:443, it throws a cert trust exception, which makes sense as the cert is self-signed.
The big question is: are messages exchanged between the proxy server and WhatsApp servers unencrypted even if port 443 is specified?
As a side note, when proxy info is typed in, it only allows IP/Server names and wouldn't allow "https://" for port 443. Thanks.
How did you set up your proxy host? What is your configuration? Did you customize it at all?
What's the response via curl? It should not be an HTTP response, since this proxy is not an HTTP proxy. Curl is technically the wrong tool here, to be honest: since this is a pure TCP proxy, your request should hang and likely time out. But if you have something running in front of your proxy, it may be replying and not forwarding the request.
The underlying connection between your client and WhatsApp servers is ALWAYS encrypted, but 443 adds an additional encryption on TOP of the one that's always running anyways. Essentially, if you use :443, it's
- TLS encrypted between your device and the proxy of
- An encrypted channel between your device and WhatsApp servers sending
- Encrypted messages between your device and your intended recipient.
So if you're chatting with someone, there are at least 2 layers, potentially 3 layers, of encryption going on.
No customization.
curl http://Proxy_IP:443, yields curl: (52) Empty reply from server
curl https://Proxy_IP:443
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it
Ok, so you are saying it's raw encrypted TCP and 443 adds TLS encryption. So how does the TLS handshake occur if a self-signed cert is used?
Thanks.
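On the closing question, an added example (not part of the thread and not code from the proxy project) showing general TLS behaviour: a self-signed certificate does not stop the handshake, it only fails the client's trust check, so the outcome depends on how the client verifies. It assumes the openssl CLI is installed, uses a constructed certificate for the made-up name proxy.example, and does not show what the WhatsApp client itself does with the proxy's certificate.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(d):  # constructed throwaway cert; assumes the openssl CLI is installed
    cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=proxy.example", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key

def serve(listener, ctx, count):
    for _ in range(count):
        conn, _ = listener.accept()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                tls.recv(1)  # wait until the client closes
        except OSError:  # includes ssl.SSLError: the client rejected the cert
            pass

def handshake(port, ctx):
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="proxy.example") as tls:
                return "handshake ok, " + tls.version()
    except ssl.SSLCertVerificationError as e:
        return "verify failed: " + e.verify_message

def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)
        strict = ssl.create_default_context()        # system CA store, like curl https://
        no_verify = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        no_verify.check_hostname = False
        no_verify.verify_mode = ssl.CERT_NONE        # encrypted, but the peer is unauthenticated
        pinned = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        pinned.check_hostname = False
        pinned.load_verify_locations(cert)           # trusts exactly this one certificate
        clients = {"system CAs": strict, "no verification": no_verify, "pinned": pinned}
        with socket.create_server(("127.0.0.1", 0)) as listener:
            port = listener.getsockname()[1]
            t = threading.Thread(target=serve, args=(listener, server_ctx, len(clients)))
            t.start()
            results = {name: handshake(port, c) for name, c in clients.items()}
            t.join()
        return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} -> {outcome}")
```

Only the pinned client both encrypts the hop and authenticates the server; the unverified client gets encryption against passive observers but cannot tell the intended server from an interceptor.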