How to view Boto3 HTTPS request string
Question:
I have been able to view the attributes of the PreparedRequest that botocore sends, but I’m wondering how I can view the exact request string that is sent to AWS. I need the exact request string to be able to compare it to another application I’m testing AWS calls with.
Answers:
So what you probably want to do is to send your request through the proxy (mitmproxy, squid). Then check the proxy for what was sent.
Since HTTPS data is encrypted you must first decrypt it, then log the response, then encrypt it back and send to AWS. One of the options is to use mitmproxy. ( It’s really easy to install )
- Run mitmproxy
-
Open up another terminal and point proxy to mitmproxys port:
export http_proxy=127.0.0.1:8080
export https_proxy=$http_proxy
-
Then set verify=False when creating session/client
In [1]: import botocore.session
In [2]: client = botocore.session.Session().create_client('elasticache', verify=False)
-
Send request and look at the output of mitmproxy
In [3]: client.describe_cache_engine_versions()
-
The result should be similar to this:
Host: elasticache.us-east-1.amazonaws.com
Accept-Encoding: identity
Content-Length: 53
Content-Type: application/x-www-form-urlencoded
Authorization: AWS4-HMAC-SHA256 Credential=FOOOOOO/20150428/us-east-1/elasticache/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=BAAAAAAR
X-Amz-Date: 20150428T213004Z
User-Agent: Botocore/0.103.0 Python/2.7.6 Linux/3.13.0-49-generic
<?xml version='1.0' encoding='UTF-8'?>
<DescribeCacheEngineVersionsResponse
>
<DescribeCacheEngineVersionsResult>
<CacheEngineVersions>
<CacheEngineVersion>
<CacheParameterGroupFamily>memcached1.4</CacheParameterGroupFamily>
<Engine>memcached</Engine>
<CacheEngineVersionDescription>memcached version 1.4.14</CacheEngineVersionDescription>
<CacheEngineDescription>memcached</CacheEngineDescription>
<EngineVersion>1.4.14</EngineVersion>
You could also enable debug logging in boto3. That will log all requests and responses as well as lots of other things. Its a bit obscure to enable it:
import boto3
boto3.set_stream_logger(name='botocore')
The reason you have to specify botocore as the name to log is that all of the actual requests and responses happen at the botocore layer.
I have been able to view the attributes of the PreparedRequest that botocore sends, but I’m wondering how I can view the exact request string that is sent to AWS. I need the exact request string to be able to compare it to another application I’m testing AWS calls with.
So what you probably want to do is to send your request through the proxy (mitmproxy, squid). Then check the proxy for what was sent.
Since HTTPS data is encrypted you must first decrypt it, then log the response, then encrypt it back and send to AWS. One of the options is to use mitmproxy. ( It’s really easy to install )
- Run mitmproxy
-
Open up another terminal and point proxy to mitmproxys port:
export http_proxy=127.0.0.1:8080 export https_proxy=$http_proxy -
Then set
verify=Falsewhen creating session/clientIn [1]: import botocore.session In [2]: client = botocore.session.Session().create_client('elasticache', verify=False) -
Send request and look at the output of mitmproxy
In [3]: client.describe_cache_engine_versions() -
The result should be similar to this:
Host: elasticache.us-east-1.amazonaws.com Accept-Encoding: identity Content-Length: 53 Content-Type: application/x-www-form-urlencoded Authorization: AWS4-HMAC-SHA256 Credential=FOOOOOO/20150428/us-east-1/elasticache/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=BAAAAAAR X-Amz-Date: 20150428T213004Z User-Agent: Botocore/0.103.0 Python/2.7.6 Linux/3.13.0-49-generic
<?xml version='1.0' encoding='UTF-8'?> <DescribeCacheEngineVersionsResponse > <DescribeCacheEngineVersionsResult> <CacheEngineVersions> <CacheEngineVersion> <CacheParameterGroupFamily>memcached1.4</CacheParameterGroupFamily> <Engine>memcached</Engine> <CacheEngineVersionDescription>memcached version 1.4.14</CacheEngineVersionDescription> <CacheEngineDescription>memcached</CacheEngineDescription> <EngineVersion>1.4.14</EngineVersion>
You could also enable debug logging in boto3. That will log all requests and responses as well as lots of other things. Its a bit obscure to enable it:
import boto3
boto3.set_stream_logger(name='botocore')
The reason you have to specify botocore as the name to log is that all of the actual requests and responses happen at the botocore layer.