

Show HN: Web client for WhatsApp - sgehlich
http://whatsapp.filshmedia.net

======
tluyben2
I wish Whatsapp would make their system more secure, remove that one-device at
a time non-sense and then provide a nice official API and voice chat for it.

------
FiloSottile
And.. just as a reminder. You know that they say that your messages are
encrypted on the wire? Well, <http://pastebin.com/g9UPuviz> ; Or that they are
encrypted when stored on the phone? <http://forum.xda-
developers.com/showthread.php?p=24569917>

------
sidcool
A great idea indeed! My only concern is privacy. I shudder at the thought of
sharing my phone number/IMEA number online.

~~~
sgehlich
Actually this is not a real tool that you should use every day. I just created
that to clarify and demonstrate the insecure authentication and message
transmission methods of WhatsApp.

~~~
eLobato
Still you'd be able to save the number-imei then post on our behalf to
Whatsapp.

------
smoyer
Rightfully scary ... Why would you eschew the well defined protections of XMPP
in the first place? You could still place your "proprietary control
characters" inside the Jabber messages.

I'll stay well clear of WhatsApp until they get this fixed!

~~~
bashzor
Why scary? I can login with Gmail on a website too; it's not like your IMEI is
public data. And yes, you can also forge gmail's website when you can wiretap
a network (ok it's probably hard with https, but on most sites you can), so
don't claim you can wiretap the MAC address or IMEI to hack your Whatsapp.

~~~
gbaygon
The IMEI can be obtained dialing *#06# on most phones, so anyone that has
physical access to your phone once can use it to access your whatsapp account
anytime.

~~~
skrebbel
which would make WhatsApp about as easy to spoof as SMS. Oh no!

------
bvdbijl
Here's a python API that I made but didn't upload till now
<https://github.com/boukevanderbijl/python-whatsapi>

------
slig
How does WhatsApp deal when you change your SIM card into a new phone? I mean,
how does it know it's you on your new phone?

~~~
bvdbijl
When you install you make a new password by sending an SMS to your phone to
verify that you actually own the number.

If you change a SIM card in a phone it will keep using the same Whatsapp
number

~~~
sgehlich
I like the use of the word "password". If they would at least implement a
password, the whole thing would be a lot more secure.

~~~
bvdbijl
They should have made the password random, it's saved anyways.

------
darkhorn
I don't have a smart phone. How I can request a activation code?

~~~
skinnymuch
Bluestacks, the project bringing Android to desktop and currently on Windows
and Mac has Whatsapp. Could try that.

Sort of related, is there any way to get an activation code without a proper
mobile number? I know I should try Twilio and other options first, but I did
just try Google Voice and it didn't seem to work. I could be wrong though. So
might as well try asking.

~~~
darkhorn
Thanks! I've activated my number. However I cannot get the IMEI. It has very
poor UI. There is no UI for dialing.

Edit: there is apps to download which shows your IMEI.

~~~
skant
BlueStacks developer here: Glad it worked for you :)

------
janmonschke
Would love to see Emoji support in there ;)

------
wmw
are you willing to open source that api port?

~~~
alifaziz
..and here is JavaScript WhatsApp web client
<https://github.com/waalt/webclient>

~~~
sah2ed
The index.htm page crashes in Chrome (Version 21.0.1180.89) with the "Aw,
Snap!" error. The issue seems to be the direct manipulation of the ".class"
attribute of some object in JS.

