堆栈内存溢出
  简体   繁体   English

如何在 fiddler 中捕获 python https 流量?

[英]How to capture python https traffic in fiddler?

 原文  2017-09-30 13:21:59       python/ https/ python-requests/ fiddler

问题描述

Python throws in errors when ever I try to do some data fetching task.每当我尝试执行某些数据获取任务时,Python 都会出错。 This only happens when I set fiddler to decrypt https traffic.这只发生在我设置 fiddler 来解密 https 流量时。 I have tried routing python traffic through 127.0.0.1:8888 and same with mozilla inorder to catch its traffic.我已经尝试通过 127.0.0.1:8888 路由 python 流量,并且与 mozilla 相同,以便捕获其流量。 I also installed the certificate and trusted it via fiddler, I am not sure where I am going wrong.我还安装了证书并通过 fiddler 信任它,我不确定我哪里出错了。

    raise SSLError(e, request=request)
    requests.exceptions.SSLError: HTTPSConnectionPool(host='google.com', port=443):
    Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFIC
    ATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)'),))

This above is the error I get whenever I try to fetch a page with requests.以上是我尝试获取带有请求的页面时遇到的错误。

2 个解决方案

解决方案1
 6  2018-05-17 11:35:39

TL;DR The requests library does not use the windows certificate store, it has it's own one (as per https://bugs.python.org/issue28547 ). TL;DR requests 库不使用 Windows 证书存储,它有自己的一个(根据https://bugs.python.org/issue28547 )。 This means that your fiddler MITM certificate is not available to python requests by default.这意味着默认情况下,您的提琴手 MITM 证书不可用于 python 请求。

Your options are您的选择是

  1. Disable SSL verification (verify=False)禁用 SSL 验证(verify=False)
  2. Add your cert via the REQUESTS_CA_BUNDLE environment variable通过 REQUESTS_CA_BUNDLE 环境变量添加您的证书
  3. Add your fiddler cert explicitly (verify='\\path\\to\\cert')明确添加您的提琴手证书(verify='\\path\\to\\cert')

More details can be found at http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification更多细节可以在http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification找到

On a side note, it does feel a little strange for requests to be using it's own cert bundle, rather than the platform supplied one - especially given all the browsers are happy to use the platform ones.另一方面,请求使用自己的证书包而不是平台提供的证书确实感觉有点奇怪 - 特别是考虑到所有浏览器都乐于使用平台的。

解决方案2
 0  2021-04-14 22:21:09

As pointed out by polhemic and Eric Aronesty, for testing purposes, you can set temporarily "CURL_CA_BUNDLE" to an empty string.正如 polhemic 和 Eric Aronesty 所指出的,出于测试目的,您可以暂时将“CURL_CA_BUNDLE”设置为空字符串。

import os
os.environ['CURL_CA_BUNDLE'] = ''

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过fiddler2捕获python SSL(HTTPS)连接 - How to capture python SSL(HTTPS) connection through fiddler2 如何在python中捕获流量 - How to capture traffic in python 如何在Python中捕获Android设备的流量? - How to capture the traffic of an Android device in Python? fiddler 不捕获 python http 请求? - fiddler doesn't capture python http request? 如何在python中使用pcap捕获同一wifi中其他人的流量? - How to use pcap in python to capture other's traffic in same wifi? 如何在Python上使用selenium webdriver和browsermob代理捕获网络流量? - How to capture network traffic using selenium webdriver and browsermob proxy on Python? 如何使用硒捕获网络流量 - How to capture network traffic with selenium 如何在不使用HAR的情况下在python中使用Selenium Webdriver捕获网络流量 - How to capture network traffic using selenium webdriver in python without using HAR 如何在Azure中使用Python SDK设置enable_https_traffic_only? - How do I set enable_https_traffic_only using Python SDK in Azure? 如何使用burp套件代理HTTPS流量? - How to proxy HTTPS traffic with burp suite?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM