I've submitted a phishing url to URL LOOKUP API and got this response (with some characters replaced with 'X'):
{"requestId": "8d07XXXXX-b0X5-X4gX-3XaX-XXXXXX677acXX,XXXXXXXXX76", "ttl": 300}
Nothing about productivityCategory, securityCategory or riskLevel.
It's possible to check for more information with requestId provided in request response?
It means that the URL is unknown by SophosLabs Intelix at the moment, even if it has a huge database.
requestId only used for tracking a single request, no further data can be queried.
BTW how did you find out that is a phising URL?
Could you please share with me?
Related
Assume we have an api - /student/getStudentDetails/{id} which returns a JSON response containing the succeeding internal rest api (/student/getAdvancedStudentDetails/{id}).
{
id:123,
name:Alex,
nextapi:/student/getAdvancedStudentDetails/123
}
Here when we get the response from first api - /student/getStudentDetails, we need to process the JSON response and take out the second api from the first api and call it.
Any suggestions?
Your first response for first api "GET student details" only returns high level details of student and one of field "nextapi" in response has URL to GET more details about student.
In Your first response "nextapi" is customer field defined by you and it only has
URL without host and port details of sever. So Consumer of api, will have to parse First response. Create full http url and call the next api to get further details of student. It will not happen automatically.
eg http://localhost:8080/student/getAdvancedStudentDetails/123
{
id:123,
name:Alex,
nextapi:/student/getAdvancedStudentDetails/123
}
Note :
If your response had full http url for get advance details of student and if api was not secure api. Then if you view first Json, it might give you link for next api, which you can click and see advance details. You can give it try.
I want to publish my first Facebook application and a Privacy Policy URL is required.
I have the page privacypolicy.html published in my website but I get the next message when I configure it in "App Details":
You must submit a valid Privacy Policy URL in order to be compliant with Facebook Platform. Request failed with error:
Bad Response Code: URL returned a bad HTTP response code.
The http code returned when I request the page is 200
Any ideas?
The URL is cached by facebook.
Adding # at the end of my Url did the job ..
This is an old question I know, but I figured I'd post my solution and hope it helps anyone. For me I got this error because I had rewrite rules that didn't catch the URL that Facebook actually goes to in order to get the privacy policy. Facebook adds a query string to the URL that you give it for the privacy policy and since my privacy policy page doesn't do anything with the query string, I didn't check for it in my rewrite rule.
You can check out how Facebook scrapes the page you give it by going to Facebook's Sharing Debugger and putting your URL in the input bar. You can also see the last time that Facebook tried to scrape that URL and tell Facebook to try again once you've fixed any issues. This will get around the caching that was mentioned in user2390340's post.
Facebook externalhit appears to request via the ipv6 address published in DNS if there is one available and won't check on the ipv4 published in DNS.
If your website doesn't have ipv6 enabled it'll return a 404 or 500 and you'll get that error "Bad Response Code: URL returned a bad HTTP response code" for your Privacy Policy URL.
Edit:
Also noted that Facebook caches the URL, I was checking it and getting a "bad response code" error even though there was no hit from their UA in the access logs.
Adding ?stuff onto the end of the URL in the Privacy Policy field bypassed a cache and the access log hits showed up with 200 OK, allowing the URL to be saved.
Not sure if this is related to user2259887's comment about Facebook using IPV6 DNS. But after reading his comment, I was able to work around the validation issue by specifying an IP Address URL instead of using the host domain name URL.
This workaround will not work well if the site IP address is dynamic or change often.
I´m trying to connect via Linkedin Auth2 from a java web application:
Added my own app in linkedin.
Generate the authorization URL: https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=XXX&scope=r_basicprofile%20r_fullprofile%20r_emailaddress&state=DCEEFWF454Us5dffef424&redirect_uri=http://localhost:9090/springmvc/token.htm
Introduce my login/password for linkedin in the new popup.
Get back successful the request on the redirect_uri previus, and take the authorization code "code"
Generate the accessToken URL
Make a POST with: https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=YYY&redirect_uri=http://localhost:9090/SpringMVC/token.htm&client_id=XXX&client_secret=ZZZ
Get next error in response: {"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}
I´ve verified url parameters are correct:
- "code" is the token receive on step 4.
"redirect_uri" is the same URL on step 2 and 4. I added this URL on section "OAuth 2.0 redirect URL" on my APP.
"client_id" and "client_secret" are the "Client API" and "Secret API" on my APP.
Time between first and second request is less than 20 seconds.
The value of your redirect_uri parameter must be URL-encoded, so at 6. do:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=YYY&redirect_uri=http%3A%2F%2Flocalhost%3A9090%2FSpringMVC%2Ftoken.htm&client_id=XXX&client_secret=ZZZ
and it need not be sent as a POST but as a GET.
If You Are Sending a Request For Access Token it must be POST Request
Refer the OAuth Documentation
I actually Copied the Whole URL From My Eclipse Console To URL It is Still Valid
In Your Case The Problem is with URL Encoding As HanZ said .
You Have to Encode Your URL For Post Request.
I too got bugged with this issue for long time. Please keep few things in mind which I did and eventually sorted it out.
Hit the api to get authorization code by using get request.
The authorization code has a life span of about 20 seconds, so its difficult to manually copy the code from the url and make a request for token access. You should do it pro-grammatically.
Make a post request for getting access token.
Most Important: Old linkedin applications that I had created was not working and giving the above error. Create a new linkedin application and try. Doing this worked for me.
I assume that all the other parameters like client_id, secret, redirect_uri are correct.
please try and let us know.
Thanks.
This started as a question, but in the process of posting this question, I solved it. So now, this is an FYI post...
==========
At first, whenever I tried to post to this URL, I would get an error message:
https:// www.dwolla.com/oauth/rest/register --> Bad URL
There is no operation listening for
http:// phx-dwol-web1.cloudworks.com/oauth/rest/register, but there is
an operation listening for
http:// www.dwolla.com/oauth/rest/register/, so you are being
redirected there.
I fixed by appending the auth values to the post URL:
https://www.dwolla.com/oauth/rest/register/?client_id={id}&client_secret={secret}
--> Good URL
Then, I was having trouble with request formatting. To fix this, make sure that you post JSON in the BODY of the post. Do NOT append to the URL, or submit as form fields.
Lastly, when I finally got a proper response from the Dwolla API, I was getting this error:
"New user must accept terms of service."
This is because the Dwolla API is CASE SENSITIVE, so the "ACCEPTTERMS" parameter in the JSON body must be submitted as "acceptTerms" in order for it to work.
Here is the documentation I am referencing:
http://developers.dwolla.com/dev/docs/register
Happy coding!
Thanks for the answer...it ultimately led to me solving my problem as well.
For completeness, I encountered this error when sending a poorly formed request to the api, where I had left off the trailing / before the get parameter {oauth_token}.
INCORRECT:
http://www.dwolla.com/oauth/rest/users?oauth_token={oauth_token}
CORRECT:
http://www.dwolla.com/oauth/rest/users/?oauth_token={oauth_token}
We have URLs to a list of documents and we would like to check if a user has access to those documents. These documents require user login and password to access. Since the server requires NTLM authentication, we are using the JCIFS API to make a URL Connection to the document and checking the HTTP response code. If the response code is 401, then we are confirming that user does not have access. With this approach, does the document download all the content? Does the response time vary depending on the size of the document? Is there a better approach? Thanks in advance.
Config.setProperty("jcifs.smb.client.username", "<user_name>");
Config.setProperty("jcifs.smb.client.password", "<password>");
URL spURL = new URL("http://<host_name>/<folder_name>/<file_name>";
HttpURLConnection httpURLConnection = (HttpURLConnection) spURL
.openConnection();
NtlmHttpURLConnection ntlmHttpURLConnection = new NtlmHttpURLConnection(
httpURLConnection);
int resCode = ntlmHttpURLConnection.getResponseCode()
Thanks for your answers. I do not have a requirement to download the document, but my requirement is only to check if a user has access to a document or not. I am looking for a solution which is faster in terms of response and does not vary depending on the size of the document.
Hi, Thanks for your suggestions to set the request type as HEAD. There are lot of HTTP response codes that start with 2, 3, 4 and 5. Can you please explain me how I can interprese this? I am assuming the following intepretation; please correct me if I am wrong.
Any response code that starts with 2 means user has access to the document.
Any response code that starts with 3, I need to add further logic to make another request to actual URL?? Is there a code how this can be done automatically?
Any response code with 401 indicates user does not have access.
Any response code starting with 5 indicates, there is a problem with host server.
How about
httpURLConnection.setRequestMethod("HEAD");
?
When you download, there is not really any overhead. If you are not authorized, the server is not going to send the file back.
If you are posting large amount of data, you should use 100-Continue to make sure you are allowed to do so before proceeding. You can do it like this,
httpURLConnection.setRequestProperty("Expect", "100-continue");