-1

I can do this in the browser fine (SSLKEYLOGFILE exporting and such), but what about non-browser traffic?

In particular, I've got a Flash file that is making HTTPS requests to a host. This file does not obey my system settings or my Chrome settings (e.g., for Burp to see its HTTP/S requests, I had to invisible proxy it).

However, this flash file is also making requests with the host without using HTTP/S (but still over TLS) via sockets. I'd like to see these direct socket requests in Wireshark, but Wireshark just shows them as encrypted TLS/v1.2 communications with no option of following the unencrypted stream.

I've looked through the Flash's source and there appears to be no in-house encryption/obfuscation on the data being sent through the sockets, so I believe they are just sending plaintext data through sockets that is secured by the nature of the TLS connection.

EDIT: I gave an answer that I believe will solve the problem, but I'm still looking for a better solution or some insight on implementing that answer with minimum pain.


1 Answer

0

Tossing up this answer, but I don't really like it (lots of work). I'm posting this to say I considered it and am looking for a better answer.

I figure I can MitM myself -- have a VM connect to the flash, but the host file points to my local machine and it either doesn't verify SSL or trusts a BS cert I made. My machine can then get the request, pass it through to the server as a legit request, receive server's response, decrypt it as usual and forward the request. Standard MitM. Basically making an entire custom client MitM for the flash application in question.

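The relay described in this answer, as an added example that is not part of the original post: it terminates TLS from the client VM with a lab certificate that VM trusts, opens its own verified TLS connection to the real server, and records the plaintext in both directions. The names `pump`, `relay` and `serve` are this example's, and it assumes the relay machine resolves the real hostname normally (the hosts override exists only inside the VM) and that the upstream uses the same port.

```python
import socket, ssl, threading

def pump(src, dst, label, log, done):
    """Copy plaintext src -> dst, recording each chunk, until EOF or the peer pump stops."""
    try:
        while not done.is_set():
            try:
                data = src.recv(4096)
            except socket.timeout:        # periodic wake-up to re-check `done`
                continue
            if not data:                  # orderly close from src
                break
            log.append((label, data))
            dst.sendall(data)
    except OSError:                       # reset, TLS alert, or socket closed under us
        pass
    finally:
        done.set()

def relay(client, upstream, log):
    """Shuttle both directions between two connected sockets, then close both."""
    done = threading.Event()
    for s in (client, upstream):
        s.settimeout(0.5)
    back = threading.Thread(target=pump, args=(upstream, client, "S->C", log, done))
    back.start()
    pump(client, upstream, "C->S", log, done)
    back.join()
    client.close()
    upstream.close()

def serve(bind_addr, port, real_host, certfile, keyfile, log):
    """Terminate TLS from the client under test and re-originate TLS to real_host."""
    inbound = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    inbound.load_cert_chain(certfile, keyfile)  # lab cert the test VM trusts
    outbound = ssl.create_default_context()     # the real server is still verified
    with socket.create_server((bind_addr, port)) as srv:
        while True:
            conn, _ = srv.accept()
            try:
                conn = inbound.wrap_socket(conn, server_side=True)
                upstream = outbound.wrap_socket(
                    socket.create_connection((real_host, port)), server_hostname=real_host)
            except OSError as exc:              # ssl.SSLError subclasses OSError
                print("handshake failed:", exc)
                conn.close()
                continue
            threading.Thread(target=relay, args=(conn, upstream, log), daemon=True).start()
```

`log` is any object with an `append` method, so a plain list works, as does a small wrapper that prints each `(direction, bytes)` tuple as it arrives. Binding `bind_addr` to the host-only interface the VM uses keeps the listener off other networks.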