|
| 1 | +--- |
| 2 | +title: Collect HTTPS Traffic using Fiddler from Python app with Microsoft Entra ID |
| 3 | +description: Provide instructions to collect HTTPS traffic by using Fiddler from Microsoft Entra ID apps |
| 4 | +ms.date: 03/20/2025 |
| 5 | +ms.author: bachoang |
| 6 | +ms.service: entra-id |
| 7 | +ms.custom: sap:Enterprise Applications |
| 8 | +--- |
| 9 | +# Collect HTTPS traffic by using Fiddler from Python apps |
| 10 | + |
| 11 | +Capturing encrypted HTTPS web traffic in Python by using Fiddler can be challenging because Python uses its own trusted certificate store instead of the operating system certificate store. Additionally, by default, Python doesn't use a proxy in certain scenarios. This article explains how to capture SSL traffic by using the Fiddler for Python app in different scenarios. |
| 12 | + |
| 13 | +## ADAL for Python |
| 14 | + |
| 15 | +When you use Fiddler to capture HTTPS traffic in a Python app that integrates Azure Active Directory Authentication Library (ADAL), you might receive SSL error messages. This issue occurs because Python doesn't trust the Fiddler certificate. You can use either of two methods to work around this issue. |
| 16 | + |
| 17 | +> [!Note] |
| 18 | +> Disabling SSL verification presents a security risk. You should use this method only to troubleshoot. You should not use it in production environments. |
| 19 | +
|
| 20 | +- Set an environment variable at the beginning of your Python app before the `AuthenticationContext` object is initialized: |
| 21 | + |
| 22 | + ```python |
| 23 | + import os |
| 24 | + ... |
| 25 | + os.environ["ADAL_PYTHON_SSL_NO_VERIFY"] = "1" |
| 26 | + ``` |
| 27 | +- Pass the `verify_ssl=False` flag to the AuthenticationContext method: |
| 28 | + |
| 29 | + ```python |
| 30 | + context = adal.AuthenticationContext(authority, verify_ssl=False) |
| 31 | + ``` |
| 32 | + |
| 33 | +## MSAL for Python |
| 34 | +When you use the Microsoft Authentication Library (MSAL) for Python, you can disable SSL verification as follows: |
| 35 | + |
| 36 | +```python |
| 37 | +app = msal.PublicClientApplication( client_id=appId, authority="https://login.microsoftonline.com/" + tenantId, verify=False ) |
| 38 | +``` |
| 39 | +## Python Requests module |
| 40 | + |
| 41 | +By default, the Requests module doesn't use a proxy. You must force the request to go through the Fiddler proxy, per the following example: |
| 42 | + |
| 43 | +```python |
| 44 | +import requests |
| 45 | + |
| 46 | +… |
| 47 | +access_token = token.get('accessToken') |
| 48 | +endpoint = "api_endpoint" |
| 49 | +headers = {"Authorization": "Bearer " + access_token} |
| 50 | +json_output = requests.get( |
| 51 | + endpoint, |
| 52 | + headers=headers, |
| 53 | + proxies={"http": "http://127.0.0.1:8888", "https": "http://127.0.0.1:8888"}, |
| 54 | + verify=False |
| 55 | +).json() |
| 56 | +``` |
| 57 | +## Azure Active Directory SDK for Python (GraphRbacManagementClient) |
| 58 | + |
| 59 | +The following example shows how to disable SSL verification: |
| 60 | + |
| 61 | +```python |
| 62 | +from azure.graphrbac import GraphRbacManagementClient |
| 63 | +from azure.common.credentials import UserPassCredentials |
| 64 | + |
| 65 | +credentials = UserPassCredentials( |
| 66 | + <username>, # Your user name |
| 67 | + <password>, # Your password |
| 68 | + resource=”https://graph.windows.net”, |
| 69 | + verify=False |
| 70 | +) |
| 71 | +tenant_id = <tenant name or tenant id> |
| 72 | +graphrbac_client = GraphRbacManagementClient(credentials, tenant_id) |
| 73 | +graphrbac_client.config.connection.verify=False |
| 74 | +res = graphrbac_client.users.get(<UPN or ObjectID>) |
| 75 | +print(res.display_name) |
| 76 | +``` |
| 77 | + |
| 78 | +[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)] |
| 79 | + |
| 80 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments