 

Decrypting python requests https traffic in wireshark

I have set the environment variable SSLKEYLOGFILE for decrypting HTTPS traffic using Wireshark. This works for traffic sent using any browser but doesn't work for traffic generated by the Python requests module.

So can you please answer these two questions I have:

q1. Why, after setting the SSLKEYLOGFILE env variable, are we able to decrypt TLS traffic from any browser? Do browsers export the keys if they see the SSLKEYLOGFILE env var set?

q2. How do I decrypt the TLS traffic generated by the requests module?

rimalroshan asked Sep 18 '25 06:09


1 Answer

  1. Yes, the browser uses some TLS/SSL library (like Chrome and BoringSSL) which supports the SSLKEYLOGFILE environment variable (if compiled to support it). The library will dump the secret key (called the master key) and Wireshark will be able to decrypt the traffic.

The file format is <Label> <space> <ClientRandom> <space> <Secret> where:

  • Label - is for protocol identification
  • ClientRandom - is the session id (ssl_session)
  • Secret - is the master key

  2. For Python 3.8 use SSLContext.keylog_filename
Maor Dahan answered Sep 19 '25 20:09
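An added example, not part of the answer above: it builds a client context with SSLContext.keylog_filename and parses a key log file in the three-field format to show which sessions have the entries needed for decryption and which lines are malformed. The function names are hypothetical and the sample lines are constructed, with client randoms taken as 32 bytes of hex.

```python
import os
import ssl

# Labels TLS libraries write to the key log file (TLS 1.2, then TLS 1.3).
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN_LABELS = TLS13_NEEDED | {TLS12_LABEL, "EXPORTER_SECRET"}

def make_keylog_context(path):
    """Client SSLContext that appends session secrets to `path` (Python 3.8+)."""
    # Create the file owner-only first: its contents decrypt captured traffic.
    os.close(os.open(path, os.O_CREAT | os.O_APPEND | os.O_WRONLY, 0o600))
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path
    return ctx

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [numbers of malformed lines])."""
    sessions, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            label, rand, secret = line.split()
            ok = (label in KNOWN_LABELS and len(bytes.fromhex(rand)) == 32
                  and len(bytes.fromhex(secret)) > 0)
        except ValueError:  # wrong field count or non-hex data
            ok = False
        if ok:
            sessions.setdefault(rand.lower(), {})[label] = secret.lower()
        else:
            bad.append(n)
    return sessions, bad

def has_full_secrets(labels):
    """Conservative check: TLS 1.2 master secret, or all four TLS 1.3 traffic secrets."""
    return TLS12_LABEL in labels or TLS13_NEEDED <= set(labels)

# Constructed sample lines, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "CLIENT_RANDOM 1234 " + "ee" * 48,  # truncated client random
])

if __name__ == "__main__":
    sessions, bad = parse_keylog(SAMPLE)
    for rand, labels in sessions.items():
        print(rand[:16], sorted(labels), "complete" if has_full_secrets(labels) else "incomplete")
    print("malformed lines:", bad)
```

Point Wireshark's TLS "(Pre)-Master-Secret log filename" preference at the same path, and delete the file once the analysis is done.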