This is a migrated thread and some comments may be shown as answers.

SSL Capuring python

3 Answers 685 Views
Fiddler Classic Fiddler Everywhere
This is a migrated thread and some comments may be shown as answers.
Sebastian
Top achievements
Rank 1
Sebastian asked on 27 May 2020, 07:36 PM
Im trying to capture SSL traffic from an application where i dont own the source code, but im forced to use it currently. Since i would love to see what its actually submitting to the webserver, i installed fiddler to capture the ssl traffic. However i quickly realized, that its not that easy since the application is using python request libary, which ignores the windows certificate store. Is there any way to decrypt the traffic , even if the application wont check the windows application store and im unable to change the code of the application? OS im running the application on is Windows 10 if that matters.

3 Answers, 1 is accepted

Sort by
0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 29 May 2020, 05:37 PM

Hi Sebastian,

Unfortunately, since the application bypasses the Windows Certificate Store, there would be no way for Fiddler to decrypt the traffic since this relies on the the Fiddler Root Certificate. 

Please let me know if you need any additional information. Thank you for using Fiddler.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
0
Noob Saibot
Top achievements
Rank 1
Iron
answered on 30 Oct 2022, 05:39 AM

Here's how to how to capture Python app where you don't own the source code.

1. Use following package to allow python to use windows certificates store
https://pypi.org/project/pip-system-certs/

2. Launch Fiddler and uncheck Capture - Very important

3. Open command prompt and set proxy environment variables. Don't close the window.

set http_proxy=127.0.0.1:8888
set https_proxy=127.0.0.1:8888

4. Launch python app through the command prompt above

python C:\Users\Admin\TEMP\SomePythonApp.pyc

0
ameron
Top achievements
Rank 1
Iron
answered on 09 Nov 2022, 01:27 AM | edited on 09 Nov 2022, 07:24 AM
Here's how to record a Python application if you don't control the source code.

Use the package listed below to enable Python to access the Windows Certificate Store.
2. Open Fiddler and uncheck Capture - This is crucial
3. Open the command prompt, then configure the proxy environment variables. Do not shut the window.
Tags
Fiddler Classic Fiddler Everywhere
Asked by
Sebastian
Top achievements
Rank 1
Answers by
Eric R | Senior Technical Support Engineer
Telerik team
Noob Saibot
Top achievements
Rank 1
Iron
ameron
Top achievements
Rank 1
Iron
Share this question
or