18, 2020 at 08:29:41PM +0300, webpentest wrote:
>> Hello again, Peter and wireshark-dev!
>>
>> While testing and extending my schannel-sslkeylog tool that I previously
>> mentioned in the list ([1]), I found that in some cases I'm currently
>> not able to reliably tie e
terkey
On 02.05.2020 02:22, Peter Wu wrote:
> On Sat, May 02, 2020 at 01:48:12AM +0300, webpentest wrote:
>>> Since it relies on undocumented structures, maybe you could make an
>>> automated test that you run with GitHub Actions to check whether it
>>> keeps working? Th
On 01.05.2020 23:24, Peter Wu wrote:
> I wrote a script to do that and documented its usage on
>> http://b.poc.fun/sslkeylog-for-schannel/. It is in no way generic
>> (yet), but I successfully use it in my research. Feel free to give it a go!
>> The main problem really is to get crandom and correlate
Hello Peter,
On 01.05.2020 01:23, Peter Wu wrote:
>
>> 1. A generic way to export schannel key material in SSLKEYLOG-like
>> format using elevated privilege and lsass.exe debugging / memory.
>> Preferably - the data that wireshark supports already - master secret
>> for tls <= 1.2 and the intermedi
Hello Peter, thanks for your answer. I have truncated some of the
quoting in order to avoid inflating the size of the message.
On 30.04.2020 12:58, Peter Wu wrote:
> This would be the ideal approach as access to the master secret provides
> full functionality. Apart from the links shared before, I
Hello list,
I'm currently working on implementing SSLKEYLOGFILE-like functions for
TLS connections that use Windows SChannel APIs (e.g. IE/Edge, as well as
other Windows apps such as RDP client). SChannel does not expose its
keys, though some research was done on recovering them (see [1] and [2]