I am trying to analyse what is being exchanged between an Android device and browser during WhatsApp Web initialization (when scanning the QR code).
The mechanism has being described in a post here: Mechanism behind QR code scanning of WhatsApp web/desktop app
The thing is I am unable to see the traffic from Android device once the QR code is scanned. Using tpacketcapture all looks encrypted.
I also tried using Burp suite with its cert in the device to mimic MITM to see https traffic but I can't see any WhatsApp traffic.
WhatsApp doesn't use HTTPS?
Any idea how to analyse the parameters exchanged during WhatsApp Web session of it is even possible.
