Wireshark mailing list archives

Re: Support for TLS1.2 decryption using derived keys


From: webpentest <webpentest () gmail com>
Date: Fri, 1 May 2020 14:39:28 +0300

Hello Peter,
On 01.05.2020 01:23, Peter Wu wrote:

1. A generic way to export schannel key material in SSLKEYLOG-like
format using elevated privilege and lsass.exe debugging / memory.
Preferably - the data that wireshark supports already - master secret
for tls <= 1.2 and the intermediate traffic secrets for tls 1.3
That would be great :-)

I wrote a script to do that and documented its usage on
http://b.poc.fun/sslkeylog-for-schannel/. It is in no way generic
(yet), but I successfully use it in my research. Feel free to give it a go!
The main problem really is to get crandom and correlate it with master key.

It is currently win-10 only, TLS1.2-only, does not work with resumed TLS
sessions and poorly handles simultaneous connects.
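
An added illustration, not part of the original message or of the script it links to: the correlation step on the capture side, reading the client random out of a ClientHello record and pairing it with a master secret as a `CLIENT_RANDOM` key log line (the NSS key log entry for TLS <= 1.2). All function names are hypothetical and the sample record is constructed; it assumes the ClientHello fits in a single TLS record.

```python
import struct

def client_random_from_record(record: bytes) -> bytes:
    """Return the 32-byte ClientHello.random from one raw TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    # Handshake header is msg_type(1) + length(3); the ClientHello body then
    # starts with client_version(2) followed by random(32).
    if len(body) < 38 or body[0] != 1:
        raise ValueError("not a ClientHello")
    if int.from_bytes(body[1:4], "big") < 34:
        raise ValueError("ClientHello too short to hold a random")
    return body[6:38]

def keylog_line(client_random: bytes, master_secret: bytes) -> str:
    """Format one TLS <= 1.2 key log entry; both lengths are fixed."""
    if len(client_random) != 32 or len(master_secret) != 48:
        raise ValueError("expected 32-byte random and 48-byte master secret")
    return f"CLIENT_RANDOM {client_random.hex()} {master_secret.hex()}"

def parse_keylog(text: str) -> dict:
    """Map client random -> master secret, rejecting malformed entries."""
    secrets = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(" ")
        if fields[0] != "CLIENT_RANDOM":
            continue  # comments, blanks and other labels are out of scope here
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 3 fields")
        crandom, master = bytes.fromhex(fields[1]), bytes.fromhex(fields[2])
        if len(crandom) != 32 or len(master) != 48:
            raise ValueError(f"line {n}: wrong field length")
        secrets[crandom] = master
    return secrets

def sample_record(random32: bytes) -> bytes:
    """Constructed minimal ClientHello record (one cipher suite, no extensions)."""
    hello = b"\x03\x03" + random32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```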




