What you will need: Computer running Windows 7, Wyze Cam V2, Cain and Abel (ARP andMITM Toolkit)
Step 1: Open Cain and Abel, turn on the sniffer and scan the network for the camera and the gateway.
Step 2: Under the ARP tab select the gateway and Wyze Cam as targets
Step 3: Letting Cain and Able generate its own self signed certs for each connection seems to work but I’ve opted for chained certs based on my own CA cert.
Step 4: With Cain and Abel’s default settings hitting the big yellow button will turn on ARP spoofing and the generation of self-signed certificates for all SSL connections
Step 5: If ARP spoofing is successful, we will start to see routed connections listed below
Step 6: When a motion alert is triggered the Wyze Cam connects out to wyze-device-alarm-file.s3.us-west-2.amazonaws.com, accepts the chained self-signed cert from Cain and Abel and a text file of the transaction is captured in cleartext.