|
| 1 | +--- |
| 2 | +title: Collect HTTPS Traffic using Fiddler from Python app with Microsoft Entra ID |
| 3 | +description: Provide instructions on how to collect HTTPS traffic using Fiddler from Microsoft Entra ID Apps |
| 4 | +ms.date: 03/20/2025 |
| 5 | +ms.author: bachoang |
| 6 | +ms.service: entra-id |
| 7 | +ms.custom: sap:Enterprise Applications |
| 8 | +--- |
| 9 | +# Collect HTTPS traffic using Fiddler from Python Apps |
| 10 | + |
| 11 | +Capturing encrypted HTTPS web traffic in Python with Fiddler can be challenging because Python use its own trusted certificate store rather than the operating system’s certificate store. Additionally, Python does not use a proxy by default in certain scenario. This article explains how to capture SSL traffic using Fiddler for Python app across different scenarios. |
| 12 | + |
| 13 | +## ADAL for Python |
| 14 | + |
| 15 | +When you use Fiddler to capture HTTPs traffic in an Python app that integrates Azure Active Directory Authentication Library (ADAL), you may receive SSL errors. This is caused by Python does not trust the Fiddler certificate. Here are two methods to resolve this issue: |
| 16 | + |
| 17 | +> [!Note] |
| 18 | +> Disabling SSL verification poses a security risk. It should only be used for troubleshooting purposes and avoided in production environments. |
| 19 | +
|
| 20 | +- Set an environment variable at the beginning of your Python app before initializing the AuthenticationContext object: |
| 21 | + |
| 22 | + ```python |
| 23 | + import os |
| 24 | + ... |
| 25 | + os.environ["ADAL_PYTHON_SSL_NO_VERIFY"] = "1" |
| 26 | + ``` |
| 27 | +- Pass the `verify_ssl=False` flag to the AuthenticationContext method: |
| 28 | + ```python |
| 29 | + context = adal.AuthenticationContext(authority, verify_ssl=False) |
| 30 | + ``` |
| 31 | + |
| 32 | +## MSAL for Python |
| 33 | +When you use the Microsoft Authentication Library (MSAL) for Python, you can disable SSL verification as follows: |
| 34 | + |
| 35 | +```python |
| 36 | +app = msal.PublicClientApplication( client_id=appId, authority="https://login.microsoftonline.com/" + tenantId, verify=False ) |
| 37 | +``` |
| 38 | +## Python Requests Module |
| 39 | + |
| 40 | +The Requests module does not use Proxy by default, you must force the request to go through the Fiddler proxy. Below is an example showing how to do this: |
| 41 | + |
| 42 | +```python |
| 43 | +import requests |
| 44 | + |
| 45 | +… |
| 46 | +access_token = token.get('accessToken') |
| 47 | + |
| 48 | +endpoint = ‘headers = {“Authorization”: ‘Bearer ‘ + access_token} |
| 49 | + |
| 50 | +json_output = requests.get( |
| 51 | + endpoint, |
| 52 | + headers=headers, |
| 53 | + proxies={"http": "http://127.0.0.1:8888", "https": "http://127.0.0.1:8888"}, |
| 54 | + verify=False |
| 55 | +).json() |
| 56 | +``` |
| 57 | +## AAD Libraries for Python or GraphRbacManagementClient |
| 58 | + |
| 59 | +```python |
| 60 | +from azure.graphrbac import GraphRbacManagementClient |
| 61 | +from azure.common.credentials import UserPassCredentials |
| 62 | + |
| 63 | +credentials = UserPassCredentials( |
| 64 | + <username>, # Your user name |
| 65 | + <password>, # Your password |
| 66 | + resource=”https://graph.windows.net”, |
| 67 | + verify=False |
| 68 | +) |
| 69 | +tenant_id = <tenant name or tenant id> |
| 70 | +graphrbac_client = GraphRbacManagementClient(credentials, tenant_id) |
| 71 | +graphrbac_client.config.connection.verify=False |
| 72 | +res = graphrbac_client.users.get(<UPN or ObjectID>) |
| 73 | +print(res.display_name) |
| 74 | +``` |
| 75 | + |
| 76 | +[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)] |
| 77 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments