cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DptoRedes
Level 7
Report Inappropriate Content
Message 1 of 3
‎10-22-2019 01:35 AM

WhatsAppWeb attachments

Hi, I've been trying to create a rule wich blocks all the attachments on a WhatsAppWeb conversation but ain't got success.

It's really hard to see all the connections because the traffic it's encrypted and i can't see nothing on troubleshooting. I try to exclude the URL in 'SSL No Decrypt' list but, this way, i can't even log on (not appears de QR code).

The Rule I created it's defined with the following criteria:

URL.Host matches
mmx.cdn.whatsapp.net

*web.watsapp.com*

*mmg.whatsapp.net*

AND

Authentication.UserName equals [my user]

AND

MediaType.EnsuredTypes at least one in list [file list set on my own]

Please, I need help, any recommendation?

Thanks.

0 Kudos
Reply
2 Replies
aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3
‎10-22-2019 05:21 PM

Re: WhatsAppWeb attachments

Hi,

Hope you are doing well.

 

While accessing WhatsApp through browser , an QR code needs to be scanned.

 

While accessing https://web.whatsapp.com/   QR code is being required which is seen to be working on Web Socket protocol which does not work with SSL Scanner enabled.  You can import our Web Socket handling rule set and add *web.whatsapp.com*  in it.

 

MWG cannot get granular filtering for WhatsApp, because: -

 

Whatsapp uses "blob" type of URL to do this task cleverly. 'blob' URL is nothing but a form of javascript, usually starts with the syntax blob followed usual https URL that refer to the temporary location where the file is saved . The file may be a text message, thumbnail or image 

 

 

 

If you enable SSL Scanner for whatsapp traffic, then it will have issues as in web.whatsapp there is an QR code which first needs to be scanned. Which does not work as it uses web socket protocol. You will have to import web socket rule from rule set library and add URL *web.whatsapp.com* in it.

 

 

We can only achieve what is mentioned in below links for WhatsApp filtering :-

 

 

https://support.symantec.com/en_US/article.TECH246174.html

 

 

https://www.linkedin.com/pulse/how-can-i-stop-whatsapp-from-uploading-files-hasan-jradi

 

 

WhatsApp Upload control and text messages are handled by chat servers associated to the domains {c|d|e}X.whatsapp.net (X is an integer changing for load balancing), whereas multimedia contents are handled by multimedia (mm) servers associated to the domains "mmsXYZ.whatsapp.net" for audio transfer, "mmiXYZ.whatsapp.net" for photo transfers, and "mmvXYZ.whatsapp.net" for videos

 

 

To stop Whatsapp from sending media or document files, You can create a rule to block and redirect any request to mm*.whatsapp.net* and pp*.whatsapp.net*

 

Regards

Alok Sarda

 

0 Kudos
Reply
ISF
Level 7
Report Inappropriate Content
Message 3 of 3
‎04-27-2022 04:15 AM

Re: WhatsAppWeb attachments

Hi,

in order only to login and text in WhatsApp web, but block any type of media or document.

You can use URL Filtering rule set, select the rule Block URLs That Match in URL Blocklist.

add multiple wildcard expressions:

*me**.fna.whatsapp.net*
*me**.cdn.whatsapp.net*
*mmg.whatsapp.net/*mode=auto&mms-type=image&__wa-mms=*
*mmg.whatsapp.net/*mode=auto&mms-type=video&__wa-mms=*
*mmg.whatsapp.net
*mmg.whatsapp.net/*=manual&mms-type=image&__wa-mms= whatsapp web files download block
*mmg.whatsapp.net/*=manual&mms-type=video&__wa-mms= whatsapp web files download block
*mmg.whatsapp.net/*=auto&mms-type=thumbnail-link&__wa-mms=
*mmg.whatsapp.net/*=manual&mms-type=thumbnail-link&__wa-mms=
*mmg.whatsapp.net/*=auto&mms-type=document&__wa-mms=
*mmg.whatsapp.net/*=manual&mms-type=document&__wa-mms=

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC