I am trying to learn how to hook into the browser memory. The Frida tool is a good start to this. My goal is to extract the client-random, server-random and symmetric session keys established at the end of a TLS handshake. By setting the SSLKEYLOGFILE environment variable, I can extract the client-random and the master key; however, it does not output the server-random key.
After going through the source code for Firefox, this can be fixed easily by printing out the server-random key in the function static void ssl3_RecordKeyLog(sslSocket *ss) at <firefox src/security/nss/lib/ssl/ssl3conn.c>.
However, this is not a viable solution in my project as it makes deployability poor, i.e. compiling Firefox every time there is a new update; it is generally not good practice to make changes to browser code and redistribute it.
Is there a better way to do this? More specifically, is either of these two options viable? I do not have much knowledge of the architecture of the browser.
A. Using native C++ calls in a Firefox extension to call this function/any function from the file src/security/nss/lib/ssl/ssl3conn.c.
B. Use a browser hook to call my own code every time this function is called in the browser.
Context: Using the three values of server random, client random and master secret, I want to generate the key block, which is further used to generate the encryption keys used in a TLS session.
I am aware Wireshark has this feature, and with minimal change I can output the keys, but I would not like to use Wireshark as it would consume more resources on the host computer for a simple process like key generation.
I can write my own libpcap code to parse through traffic, but I would like to keep this as the last option.
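
The key block generation described in the Context paragraph, as an added example that is not part of the original post: it follows the TLS 1.2 PRF and key expansion from RFC 5246. The function names, the AES-128-GCM/SHA-256 cipher suite defaults and the sample secrets are assumptions constructed for illustration.

```python
import hashlib
import hmac


def p_hash(secret, seed, length, digest=hashlib.sha256):
    """P_hash from RFC 5246 section 5: chained HMAC over A(i)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls12_prf(secret, label, seed, length, digest=hashlib.sha256):
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length, digest)


def derive_key_block(master_secret, client_random, server_random,
                     mac_len=0, key_len=16, iv_len=4, digest=hashlib.sha256):
    """Derive and split the TLS 1.2 key block (RFC 5246 section 6.3).

    Defaults are an assumption: an AES-128-GCM suite (no MAC key,
    16-byte key, 4-byte implicit IV) with the SHA-256 PRF.
    """
    if (len(master_secret), len(client_random), len(server_random)) != (48, 32, 32):
        raise ValueError("expected 48-byte master secret and 32-byte randoms")
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    # Key expansion seeds with server_random first, unlike the master secret step.
    block = tls12_prf(master_secret, b"key expansion",
                      server_random + client_random, sum(sizes), digest)
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


# Constructed sample values, not taken from a real session.
SAMPLE_MASTER = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\xc1" * 32
SAMPLE_SERVER_RANDOM = b"\x5e" * 32

if __name__ == "__main__":
    keys = derive_key_block(SAMPLE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
```

Cipher suites ending in _SHA384 use SHA-384 in the PRF, so pass `digest=hashlib.sha384` for those, and set the three lengths to match the negotiated suite. TLS 1.3 uses a different, HKDF-based key schedule and is not covered by this derivation.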