Hello list!
I wanted to share my progress on schannel session keys extraction.
First of all, I've written a two-part series that documents my efforts,
see [1] and [2]. They are rather lengthy and mainly focus on the
debugging and reversing parts.
Secondly, the current iteration of the tool ([3]) is
Hi George,
On Thu, Jun 18, 2020 at 08:29:41PM +0300, webpentest wrote:
> Hello again, Peter and wireshark-dev!
>
> While testing and extending my schannel-sslkeylog tool that I previously
> mentioned in the list ([1]), I found that in some cases I'm currently
> not able to reliably tie extracted
Hello again, Peter and wireshark-dev!
While testing and extending my schannel-sslkeylog tool that I previously
mentioned in the list ([1]), I found that in some cases I'm currently
not able to reliably tie extracted master secret to a client random,
because of the TLS Session Hash being in use (a.
On Sat, May 02, 2020 at 01:48:12AM +0300, webpentest wrote:
> > Since it relies on undocumented structures, maybe you could make an
> > automated test that you run with GitHub Actions to check whether it
> > keeps working? That can act as usage documentation as well.
>
> Some automated testing is a
On 01.05.2020 23:24, Peter Wu wrote:
> I wrote a script to do that and documented its usage on
>> http://b.poc.fun/sslkeylog-for-schannel/. It is in no way generic
>> (yet), but I successfully use it in my research. Feel free to give it a go!
>> The main problem really is to get crandom and correlate
On Fri, May 01, 2020 at 02:39:28PM +0300, webpentest wrote:
> Hello Peter,
> On 01.05.2020 01:23, Peter Wu wrote:
> >
> >> 1. A generic way to export schannel key material in SSLKEYLOG-like
> >> format using elevated privilege and lsass.exe debugging / memory.
> >> Preferably - the data that wiresh
Hello Peter,
On 01.05.2020 01:23, Peter Wu wrote:
>
>> 1. A generic way to export schannel key material in SSLKEYLOG-like
>> format using elevated privilege and lsass.exe debugging / memory.
>> Preferably - the data that wireshark supports already - master secret
>> for tls <= 1.2 and the intermedi
Hi George,
On Thu, Apr 30, 2020 at 03:10:44PM +0300, webpentest wrote:
[..]
> Thanks for these additional resources! Just to clarify: extraction of
> secrets from lsass.exe is absolutely possible; I was able to do that
> successfully on current Windows 10.
>
> The problem here is the increasi
Hello Peter, thanks for your answer. I have truncated some of the
quoting in order to avoid inflating the size of the message.
On 30.04.2020 12:58, Peter Wu wrote:
> This would be the ideal approach as access to the master secret provides
> full functionality. Apart from the links shared before, I
Hi George,
On Thu, Apr 30, 2020 at 10:37:49AM +0300, webpentest wrote:
> Hello list,
>
> I'm currently working on implementing SSLKEYLOGFILE-like functions for
> TLS connections that use Windows SChannel APIs (e.g. IE/Edge, as well as
> other Windows apps such as RDP client). SChannel does not
Hello list,
I'm currently working on implementing SSLKEYLOGFILE-like functions for
TLS connections that use Windows SChannel APIs (e.g. IE/Edge, as well as
other Windows apps such as RDP client). SChannel does not expose its
keys, though some research was done on recovering them (see [1] and [2]
11 matches