Requests: Requests does not support session key logging

Created on 12 Nov 2016  ·  8 Comments  ·  Source: psf/requests

I would really like requests to support session key logging. Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic. This makes it easy to analyze traffic with Wireshark.
Requests should write symmetric session keys to the file set in user variable “SSLKEYLOGFILE”.

All 8 comments

Requests cannot do this in normal operation because OpenSSL does not expose appropriate APIs to extract this keying information. Both Chrome and Firefox use other TLS implementations (BoringSSL and NSS) which do have the appropriate APIs.

I am currently working on a patch to enable this functionality in openssl/openssl#1646. Please track that issue, as until it merges it will not be possible for Requests to support this function. It will also be limited to OpenSSL 1.1.0 and modern Python versions.

Hi Cory, it seems your change has been merged to OpenSSL. Is the key logging supported in requests now?

Nope. Adding support for this requires first that OpenSSL 1.1.1 be released, and second that bindings for these functions be added to our dependencies. When OpenSSL 1.1.1 releases I'll add bindings to PyOpenSSL, but the stdlib will take a long time to catch up.

OpenSSL 1.1.1 is out!
News on the dependencies front?

Better to ask pyOpenSSL if they support it yet. Then convince urllib3 to expose a way to utilize it from their pyOpenSSL shim. .... Then it will be actually useful to bug us about how to use it within requests.

Is this feature available yet in requests? It seems to still not be respecting the environment variable, but maybe I am just overlooking something? It would provide a very easy way to debug some of the requests in my script.

Also found this: https://bugs.python.org/issue34271

Just use https://pypi.org/project/sslkeylog/, it works for me.

@gtors
I've tried the sslkeylog (0.2.0) module but with mixed success. A line is written into the sslkeylog.log file for each request.{get/put} but Wireshark only seems to recognize and use some of them. For example, if my code has six requests.get() calls, six entries will be written to sslkeylog.log but Wireshark will only be able to decode, say, three of the calls in a trace.

I suspect this is because 'requests' uses 'pyopenssl' but that's just a guess. This code is beyond my Python knowledge.

If anyone has a suggestion, I would love to hear it.

Thanks
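One way to check what a key log file actually contains before loading it into Wireshark, as an added example that is not part of the original thread or of any project mentioned in it. It assumes the file follows the NSS key log format (`LABEL <client_random> <secret>`); `audit_keylog` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format. A TLS 1.2 (or earlier) session is covered
# by one CLIENT_RANDOM line; a TLS 1.3 session needs the handshake and
# application traffic secrets for both directions.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(text):
    """Group key log lines by client random and classify each session."""
    sessions, malformed = defaultdict(set), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        m = LINE_RE.match(line)
        if not m:
            malformed.append(lineno)  # a decryptor cannot use this line
            continue
        sessions[m.group(2).lower()].add(m.group(1))
    report = {}
    for client_random, labels in sessions.items():
        if labels & TLS12_LABELS:
            report[client_random] = "tls12-complete"
        elif TLS13_LABELS <= labels:
            report[client_random] = "tls13-complete"
        else:
            report[client_random] = "incomplete"
    return report, malformed

def _line(label, rnd, secret="ab" * 32):
    return f"{label} {rnd * 32} {secret}"

# Constructed sample, not real key material.
SAMPLE = "\n".join(
    ["# constructed sample", _line("CLIENT_RANDOM", "11", "cd" * 48)]
    + [_line(label, "22") for label in sorted(TLS13_LABELS)]
    + [_line("CLIENT_TRAFFIC_SECRET_0", "33"), "CLIENT_RANDOM deadbeef"]
)

if __name__ == "__main__":
    report, malformed = audit_keylog(SAMPLE)
    for client_random, status in report.items():
        print(client_random[:16], status)
    print("malformed lines:", malformed)
```

The client random values in the report can be compared with the Random field of each ClientHello in the capture to see which connections have usable entries.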
