This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does anyone know how to capture facebook chat or where / how to look at messages sent and received, along with other messenger messages and email.

I am using ARP poisoning to capture traffic to a machine from the suspect device and router, and then wireshark to capture all the traffic which appears to be working. just now need to know which packets to look at and how to read the messages.

asked 28 Feb '15, 14:18

new2geeky's gravatar image

new2geeky
6112
accept rate: 0%

edited 28 Feb '15, 14:39

grahamb's gravatar image

grahamb ♦
19.8k330206


First of all I hope you're not doing anything illegal here - ARP cache poisoning is a network attack unless you use it for your own traffic, or in a network where you're allowed to do it (test/lab environments).

Second, you're not going to be able to read the packets, because Facebook and all other messengers use SSL layer encryption by default. So without the private encryption keys (either Facebooks, which you're not going to get, or the one on the local machine, which you may have access to) you're not going to see clear text, no matter what you do.

permanent link

answered 28 Feb '15, 14:30

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Hi Jasper and thanks for the reply. Not doing anything illegal as it is traffic on my private LAN (house) which i pay for the internet connection to!

The problem i have is that i think one of my children is getting themselves into something they really should not be. So that i know one way or the other i need to stealthily look at what is going on and if my fears are correct i can deal with that as stealthily!

They are using an android phone which i have no access to, any help greatly appreciated.

(28 Feb '15, 15:57) new2geeky

Okay, in that case you're out of luck. You might be able to force them through a proxy like Fiddler, but they WILL notice (if you do man-in-the-middle via Fiddler the SSL certificate will show a big red warning to them).

Also, you'd have to force their phones to go through the proxy, which is hard to do without their help. So I'm sorry to say that there is no stealthy way of doing this.

(28 Feb '15, 16:29) Jasper ♦♦

They are using an android phone which i have no access to, any help greatly appreciated.

wait a moment. You are willing and able to do ARP spoofing and capturing traffic of the device!

So, what stops you from rooting the mobile phone and installing some spy software parental control tools?

(03 Mar '15, 10:15) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×16
×4

question asked: 28 Feb '15, 14:18

question was seen: 16,842 times

last updated: 03 Mar '15, 10:15

p​o​w​e​r​e​d by O​S​Q​A