I've been reading a lot of things about sniffing whatsapp traffic and I already know is over ssl. But I need to know if is there any way to decrypt this ssl traffic once I dont know what is the private key that whatsapp is using for encrypting.
So how could I discover which certificate is being used or whether exists another way to decrypt those messages?
I dont want to read anybody's chats, my intention is really se the protocols messages through the network. To understand, make a reverse engineering and elaborate a simple JAVA api to personal job purposes.
I'm using wireshark to read the ssl traffic.
You can try a Man-in-the-middle attack using a proxy software that can generate a fake SSL cert, but it won't always work. Some of these apps using certificate pinning to prevent exactly this type of attack.
HTTP proxy:
http://fiddler2.com/get-fiddler
This software generates a obvious fake cert that you are able to accept if the app will allow.
Certificate Pinning:
https://security.stackexchange.com/questions/29988/what-is-certificate-pinning