Wireshark mailing list archives
Re: Support for TLS1.2 decryption using derived keys
From: webpentest <webpentest () gmail com>
Date: Fri, 1 May 2020 14:39:28 +0300
Hello Peter,

On 01.05.2020 01:23, Peter Wu wrote:
>> 1. A generic way to export schannel key material in SSLKEYLOG-like format using elevated privilege and lsass.exe debugging / memory. Preferably - the data that wireshark supports already - master secret for tls <= 1.2 and the intermediate traffic secrets for tls 1.3
> That would be great :-)

I wrote a script to do that and documented its usage on http://b.poc.fun/sslkeylog-for-schannel/. It is in no way generic (yet), but I successfully use it in my research. Feel free to give it a go! The main problem really is to get crandom and correlate it with master key. It is currently win-10 only, TLS1.2-only, does not work with resumed TLS sessions and poorly handles simultaneous connects.
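
The correlation mentioned in the message above follows from the key log format that Wireshark reads: for TLS 1.2 and earlier, each line pairs the 32-byte ClientHello random with the 48-byte master secret. The following is an added example, not part of the original post or the author's script; it reads the client random from a raw ClientHello record and formats the matching line, and the sample record and master secret are constructed.

```python
"""Pair a ClientHello random with a master secret as a CLIENT_RANDOM key log line."""


def client_random_from_record(record: bytes) -> bytes:
    """Return the 32-byte ClientHello.random from one raw TLS record.

    Assumes the whole ClientHello sits in a single record (no fragmentation).
    """
    if len(record) < 5 or record[0] != 0x16:      # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        raise ValueError("truncated record")
    if len(body) < 4 or body[0] != 0x01:          # 0x01 = ClientHello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 34:                           # 2-byte version + 32-byte random
        raise ValueError("ClientHello too short")
    return hello[2:34]


def keylog_line(client_random: bytes, master_secret: bytes) -> str:
    """Format one key log line for TLS <= 1.2, rejecting wrong-sized inputs."""
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    if len(master_secret) != 48:
        raise ValueError("master secret must be 48 bytes")
    return f"CLIENT_RANDOM {client_random.hex()} {master_secret.hex()}"


# Constructed sample data: a minimal TLS 1.2 ClientHello and a dummy secret.
SAMPLE_RANDOM = bytes(range(32))
_hello = (b"\x03\x03" + SAMPLE_RANDOM      # client_version, random
          + b"\x00"                        # empty session_id
          + b"\x00\x02\x00\x2f"            # one cipher suite
          + b"\x01\x00")                   # null compression
_handshake = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
SAMPLE_RECORD = b"\x16\x03\x01" + len(_handshake).to_bytes(2, "big") + _handshake
SAMPLE_MASTER = b"\xaa" * 48               # placeholder, not a real secret

if __name__ == "__main__":
    crandom = client_random_from_record(SAMPLE_RECORD)
    print(keylog_line(crandom, SAMPLE_MASTER))
```
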