How can disable SSL peer verification in http client (httpc) in erlang - ssl

I sent a restfull api request by http client, but i get below error:
{error,{failed_connect,[{to_address,{"https://example.com",443}},
{inet,[inet],{tls_alert,"record overflow"}}]}}
i found that SSL peer verification made this problem. how can i disable it?
my code:
test() ->
inets:start(),
ssl:start(),
RequestBody = "",
Request = {"https://example.com", [{"X-API-CODE",""}, {"Accept","application/json"}, {"access-token",""}], "application/json", RequestBody},
{ok, {_, _, ResponseBody}} = httpc:request(post, Request, [], []),
io:format("~st", [ResponseBody]).

Although disabling verification is not a good idea, but it's possible by using {ssl, [{verify, verify_none}]} in the options.
Example:
httpc:request(get, {"https://revoked.badssl.com/", []}, [{ssl, [{verify, verify_none}]}], []).

Related

Gophish API request is blocked : "header ‘authorization’ is not allowed" (Javascript request)

I am using the Gophish API for the first time.
I can't get the list of the sending profiles through a simple Javascript HTTP request. Firefox display this error message :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
``https://MY_GOPHISH_SERVER_URL:3333/api/smtp``. (Reason: header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Here is my request code :
fetch("MY_GOPHISH_SERVER_URL:3333/api/smtp", {
method: "GET",
headers: {
Authorization : MY_GOPHISH_API_KEY
},
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error(error.message))
}
What could I try ? Is there a way to edit Gophish CORS policy ?
Thanks.
Julien
Additional information :
The campaigns made from Gophish browser interface work well.
If I try the same request with POSTMAN, it works only if I disable the SSL certificate verification.
The SSL certificate is valid (I own it and it is announced as valid by browsers)
I actually discovered that it requires to disable the SSL certificate verification as the SSL certificate is known and valid.
I am gonna open a new ticket for that purpose as it is bugging as well ... xD !

Ktor Android Client Websocket Connection Failed

The WebSocket server is a online testing one
The Website
Something goes wrong And I don't know how to fix it.
val client = HttpClient(CIO) { install(WebSockets) }
GlobalScope.launch {
client.webSocket("ws://82.157.123.54:9010/ajaxchattest") {}
}
the error printStackTrace
java.lang.IllegalStateException: Failed to parse request body: request body length
should be specified,
chunked transfer encoding should be used or
keep-alive should be disabled (connection: close)
not knowing how to enable encoding or disable keep-alive or specify body length.
The 82.157.123.54:9010/ajaxchattest endpoint responds with 403 Forbidden instead of 101 Switching Protocols if the Origin header is absent or invalid. So to make it work just append the Origin header with a well-formed value:
val client = HttpClient(CIO) { install(WebSockets) }
client.webSocket("ws://82.157.123.54:9010/ajaxchattest", request = {
header(HttpHeaders.Origin, "http://example")
}) {}

Cannot POST request using service account key file in Python, getting 'Invalid IAP credentials: Unable to parse JWT', '401 Status Code'

I am trying to send a POST request to a Google App Engine service with a JSON body accompanied by an authorization token. I am generating the access token from a local service account key JSON file. The code below is generating a credential but finally the authorization is being rejected. I also tried different ways already. Even tried writing the request in Postman with a Bearer token in the Header, or even as a plain cURL command. But whatever I try, getting a 401 authentication error. I need to make sure whether the problem is in my side or on the other side with the service. Explored every documentation avaliable but no luck.
from google.auth.transport import requests
from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession
CREDENTIAL_SCOPES = ["https://www.googleapis.com/auth/cloud-platform"]
CREDENTIALS_KEY_PATH = 'my-local-service-account-key-file.json'
#the example service url I am trying to hit with requests
url = 'https://test.appspot.com/submit'
headers = {"Content-Type": "application/json"}
#example data I am sending with the request body
payload = {
"key1": "value 1",
"key2": "value 2"
}
credentials = service_account.Credentials.from_service_account_file(
CREDENTIALS_KEY_PATH,
scopes=CREDENTIAL_SCOPES
)
credentials.refresh(requests.Request())
authed_session = AuthorizedSession(credentials)
response = authed_session.request('POST',
url,
headers=headers,
data=payload
)
#adding some debug lines for your help
print(response.text)
print(response.status_code)
print(response.headers)
Getting the Output:
Invalid IAP credentials: Unable to parse JWT
401
{'X-Goog-IAP-Generated-Response': 'true', 'Date': 'Mon, 03 May 2021 06:52:11 GMT', 'Content-Type': 'text/html', 'Server': 'Google Frontend', 'Content-Length': '44', 'Alt-Svc': 'h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"'}
IAP expects a JWT(OpenID Connect (OIDC)) token in the Authorization header while your method will attach an access token the the Authorization header instead. Take a look at the below code snippet to make a request to an IAP secured resource.
Your code needs to be something like the following:
from google.auth.transport.requests import Request
from google.oauth2 import id_token
import requests
def make_iap_request(url, client_id, method='GET', **kwargs):
"""Makes a request to an application protected by Identity-Aware Proxy.
Args:
url: The Identity-Aware Proxy-protected URL to fetch.
client_id: The client ID used by Identity-Aware Proxy.
method: The request method to use
('GET', 'OPTIONS', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE')
**kwargs: Any of the parameters defined for the request function:
https://github.com/requests/requests/blob/master/requests/api.py
If no timeout is provided, it is set to 90 by default.
Returns:
The page body, or raises an exception if the page couldn't be retrieved.
"""
# Set the default timeout, if missing
if 'timeout' not in kwargs:
kwargs['timeout'] = 90
# Obtain an OpenID Connect (OIDC) token from metadata server or using service
# account.
open_id_connect_token = id_token.fetch_id_token(Request(), client_id)
# Fetch the Identity-Aware Proxy-protected URL, including an
# Authorization header containing "Bearer " followed by a
# Google-issued OpenID Connect token for the service account.
resp = requests.request(
method, url,
headers={'Authorization': 'Bearer {}'.format(
open_id_connect_token)}, **kwargs)
if resp.status_code == 403:
raise Exception('Service account does not have permission to '
'access the IAP-protected application.')
elif resp.status_code != 200:
raise Exception(
'Bad response from application: {!r} / {!r} / {!r}'.format(
resp.status_code, resp.headers, resp.text))
else:
return resp.text
Note: The above method works with implicit credentials that can be set by running command: export GOOGLE_APPLICATION_CREDENTIALS=my-local-service-account-key-file.json to set the path to your service account in the environment and then run the python code from the same terminal.
Take a look at this link for more info.

How to pass SSL certs in Cypress POST request

To get successful response, passing same options object with NPM request module but cy.request(options) throws 403 error.
var options = {
method: 'POST',
agentOptions: {
key: cy.readFile('cypress/support/transport.key'),
cert: cy.readFile('cypress/support/transport.pem')
}
};
Please guide how to pass SSL certificates in Cypress request.

SSLError certificate verify failed when testing the Swish API

I am trying to send a test request to the Swedish micro payment system Swish.
When running the code below, I get the error "SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"
My OpenSSl version is 1.1.1j which means it supports TLS 1.2 which Swish requires.
What do I need to change to make it work?
import json
from requests_pkcs12 import put
url = "https://mss.cpc.getswish.net/swish-cpcapi/api/v2/paymentrequests/F628384EC1744F9BB1F871EA67CB8BA5"
clientP12 = "Swish_Merchant_TestCertificate_1234679304.p12"
signingCert = "Swish_Merchant_TestSigningCertificate_1234679304.pem"
payload = {
"payeePaymentReference": "4",
"callbackUrl": "https://mysite/API/on_swish_payment_done/?payeePaymentReference=4",
"payerAlias": "0701234567",
"payeeAlias": "1234679304",
"amount": "100.00",
"currency": "SEK"
}
headers = {'content-type': 'application/json'}
r = put(url,
data=json.dumps(payload),
headers=headers,
pkcs12_filename=clientP12,
pkcs12_password='swish',
verify=signingCert
)
I think you should use the Swish_TLS_RootCA.pem as verify. Afaik the signing certificate is only used to sign the payload for Swish Payouts