WhatsApp has two different types of clients:
1- The WhatsApp thick client (desktop client) is built with end-to-end encryption capability, which prevents any intermediary device from terminating the traffic for inspection. This was achieved by avoiding the certificate trust stores on the endpoint and hard-coding the certificate trust in the application instead. For this reason, the thick client is not supported by the CloudSOC Gatelet.
2- The WhatsApp thin client (in the browser). This client relies on the browser for SSL trust, so it can be controlled and sanctioned in both of the supported deployments (Proxy Chaining or WSS Agent). This article covers this use case.
1- Define a custom Gatelet with the WhatsApp URLs
2- Define a CloudSOC policy (Access Enforcement Policy)
3- Wait for WSS to sync the new Gatelet (WSS Portal)
4- Log in to WhatsApp in the browser (web app) and generate some file transfer traffic to WhatsApp by uploading or downloading files
5- Observe the new events in Investigate (expected: new events for the custom Gatelet are populated)
6- Verify the details of the policy violation events
7- This works with both the proxy forwarding and the WSS Agent deployments