Instant messaging security analysis

kamilbauma · January 2022

Hello Everyone,

Recently, I was interested in the issue described in the topic and how it would be possible to perform sample tests
and what tools could be used in such a case.

What I mean here is to show how End to End (E2EE) encryption works and other examples of this type.

I read the white papers of messengers like (Wire, Skype, Threema, WhatsApp).

The problem is that I don't know exactly what I'm looking for as I'm new to this IT field.

Application / Manual that will allow me to compare the previously mentioned communicators by research (using Wireshark or something else ...). Something that will allow me to examine the communication between these communicators.

The only thing I got to myself was the possibility to create, for example, my own OpenFire server and to open 2 clients on different virtual machines.

JDMurray · January 2022

IM relies on standardized, secure, connection-oriented communications protocols, such as HTTPS (TLS), FTPS (SSL), and SFTP (SSH). Some IM app designs may alter or encapsulate these standardized protocols a bit to try and make them more indecipherable and proprietary. The information moving between the IM clients and servers will be in a standard data format, such as JSON or XML, and use Base64 encoding for binary (image) data and possibly data compression (gzip) for file transfer or extra encryption (bcrypt). Multiple IM client sessions connecting to the same IM server can be multiplexed over a single TCP connection using a Session Layer handshake protocol of your own devising.

If you know some basic programming, you can easily create your own IM client and server programs. This is a good project for learning C# or Python and you'll learn a lot about how network client-server communications works.

Instant messaging security analysis

Comments