Hello Peter,

On 01.05.2020 01:23, Peter Wu wrote:
>
>> 1. A generic way to export schannel key material in SSLKEYLOG-like
>> format using elevated privilege and lsass.exe debugging / memory.
>> Preferably - the data that wireshark supports already - master secret
>> for tls <= 1.2 and the intermediate traffic secrets for tls 1.3
> That would be great :-)

I wrote a script to do that and documented its usage on http://b.poc.fun/sslkeylog-for-schannel/. It is in no way generic (yet), but I successfully use it in my research. Feel free to give it a go!

The main problem really is to get crandom and correlate it with the master key. It is currently win-10 only, TLS1.2-only, does not work with resumed TLS sessions and poorly handles simultaneous connects.