
Apparently by plugging into the handshake process the auditor can verify the session key and MAC. The idea is simple: you just save a full replay of the session and thus it can be verified to be legitimate.



In modern TLS this just doesn't work, because you generate a shared key. You can verify what you've received from the server because you know you didn't generate it, but someone else cannot verify if any content was generated by you or the server, only that it was part of an exchange between you and the server.
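An added illustration of the point in the comment above (not part of the thread, and not real TLS: the key derivation is a simplified stand-in, and all names and sample data are constructed). Because both endpoints can compute the server-direction MAC key, a record fabricated by the client verifies exactly like a genuine one for anyone later handed the key:

```python
import hashlib
import hmac

def derive_mac_keys(master_secret: bytes) -> dict:
    """Simplified stand-in for a TLS key schedule: one MAC key per direction.
    Either endpoint holding master_secret can compute BOTH keys."""
    return {
        side: hmac.new(master_secret, side.encode() + b" write MAC key",
                       hashlib.sha256).digest()
        for side in ("client", "server")
    }

def mac_record(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Tag a record; the sequence number binds it to a position in the stream."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload,
                    hashlib.sha256).digest()

def verify_record(mac_key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_record(mac_key, seq, payload), tag)

def demo() -> dict:
    master_secret = bytes(range(48))              # constructed sample secret
    server_view = derive_mac_keys(master_secret)  # what the server computes
    client_view = derive_mac_keys(master_secret)  # what the client computes

    # A record the server really sent.
    genuine = b"balance: 10"
    genuine_tag = mac_record(server_view["server"], 0, genuine)

    # A record the client writes itself, using the server-direction key it
    # also holds, then places in the saved "replay" of the session.
    fabricated = b"balance: 1000000"
    fabricated_tag = mac_record(client_view["server"], 0, fabricated)

    # A third party given the session keys afterwards can check that a tag
    # matches the key, but not which endpoint produced it.
    auditor_key = client_view["server"]
    return {
        "genuine_verifies": verify_record(auditor_key, 0, genuine, genuine_tag),
        "fabricated_verifies": verify_record(auditor_key, 0, fabricated,
                                             fabricated_tag),
        # The client itself can still trust the genuine record: it knows it
        # did not create that tag, so it must have come from the server.
        "tamper_detected": not verify_record(auditor_key, 0, b"balance: 11",
                                             genuine_tag),
    }

if __name__ == "__main__":
    print(demo())
```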


TLS 1.0 didn't generate a shared key?



