I have set the environment variable SSLKEYLOGFILE for decrypting HTTPS traffic using Wireshark. This works for traffic sent using any browser but doesn't work for traffic generated by the Python requests module.

So can you please answer these two questions I have:

q1. Why, after setting the SSLKEYLOGFILE env variable, are we able to decrypt TLS traffic from any browser? Do browsers export the keys if they see the SSLKEYLOGFILE env var set?

q2. How do I decrypt the TLS traffic generated by the requests module?

1 Answer

  1. Yes, the browser uses some TLS/SSL library (like Chrome and BoringSSL) which supports the SSLKEYLOGFILE environment variable (if compiled to support it). The library will dump the secret key (called the master key) and Wireshark will be able to decrypt the traffic.

The file format is <Label> <space> <ClientRandom> <space> <Secret> where:

  • Label - is for protocol identification
  • ClientRandom - is the session id (ssl_session)
  • Secret - is the master key
  2. For Python 3.8, use SSLContext.keylog_filename
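
An added example (not part of the answer above): it sets `SSLContext.keylog_filename` on a standard-library client context, creating the file owner-only first because it holds session secrets, and parses `<Label> <ClientRandom> <Secret>` lines to check what was logged. The function names, the file name and the sample lines are assumptions constructed for illustration.

```python
import os
import ssl
import string

HEX = set(string.hexdigits)

def keylog_context(path):
    """Client SSLContext that appends TLS secrets to `path` (Python 3.8+)."""
    # The file holds session secrets: create it owner-only before it is opened.
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600))
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path
    return ctx

def parse_keylog(text):
    """Return (label, client_random, secret) for each well-formed line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 3:
            continue  # comment, blank or malformed line
        label, client_random, secret = parts
        # The second field is 32 bytes, written as 64 hex characters.
        if len(client_random) != 64 or not set(client_random + secret) <= HEX:
            continue
        entries.append((label, client_random.lower(), secret.lower()))
    return entries

# Constructed sample input, not captured from a real session.
SAMPLE = "\n".join([
    "# constructed example",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "12" * 32 + " " + "ef" * 32,
    "CLIENT_RANDOM tooshort " + "cd" * 48,
])

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "tls-keys.log")  # assumed file name
    ctx = keylog_context(path)
    # Pass ctx to any stdlib client, e.g. urllib.request.urlopen(url, context=ctx),
    # then point Wireshark at `path` and check that entries were written.
    for label, client_random, _ in parse_keylog(SAMPLE):
        print(label, client_random[:16] + "...")
```

Delete the key log file once the capture has been analysed, since anyone who holds both the capture and the file can decrypt those sessions.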