SoundCloud oEmbed requests for public sets forbidden - soundcloud

I am getting "HTTP/1.1 403 Forbidden" returned when making CURL requests via soundcloud.com/oembed for SoundCloud sets URLs despite them being set to public. Individual tracks work fine including those belonging to a set.
This seems to be a recent issue as some of the sets I've been testing were working up until a few weeks ago.
Example curl request via command line that is forbidden despite being public:
$ curl -v "http://soundcloud.com/oembed" -d 'format=json' -d 'url=https://soundcloud.com/edsheeran/sets/bloodstream' -L -v -s -o /dev/null
If you do the same for one of the tracks in this set (eg soundcloud.com/rudimentaluk/bloodstream) then you get a "HTTP/1.1 200 OK" header response.

Related

How to channel originate SIP in Asterisk ARI?

I try to make call via Asterisk REST API, I want to make a call like this (CLI command example):
channel originate SIP/4444#sipprovider application playback tt-monkeys
I try to use curl for that:
curl -v -u admin:pass -X POST "http://127.0.0.1:8085/ari/channels?endpoint=SIP/1000&extension=4444&context=sipprovider"
When I post the request I get this error:
Allocation failed
What did I do wrong?
If I try using SIP, I get the same error. You might have PJSIP enabled instead of SIP.
Try using PJSIP instead of SIP.
Example:
curl -v -u asterisk:asterisk -X POST "http://localhost:8088/ari/channels?endpoint=PJSIP/5001&extension=5002&context=internal"

Is it possible to run a curl command with a splunk dbxquery?

I am developing a dashboard that connects to Splunk via REST API and displays data on various charts/graphs etc. In order to get the data I have to make a POST request via curl (node.js). Everything is working great. However when I try to make a Post request with a dbxquery, it fails and returns 'fatal dbxquery unknown command.' I was wondering if anyone had encountered this before.
curl -H 'Authorization: Basic auth token' -k https://devfg.com:8089/services/search/jobs -d search=" | dbxquery query=\"SELECT count(*) FROM db.table\" connection=\"connection\"" -d output_mode=json
Are the permissions for the dbxquery command set to be executable from any app? Check under app permissions to see if the command is globally exported.
Alternatively, you may need to escape the *, so \*.
Otherwise, you should be able to run the dbxquery via a curl command.

ZAP keeps scanning unnecessary URLs

What I'm doing is:
Starting ZAP to listen on some port
zap.bat -daemon -host localhost -port 2355 -config api.disablekey=true
Starting new session
curl -X GET "http://localhost:2355/JSON/core/action/newSession/?zapapiformat=JSON&formMethod=GET&name=&overwrite=" -H "cache-control: no-cache"
Through REST service, giving it a context, which includes only one URL pattern
curl -X GET "http://localhost:2355/JSON/context/action/importContext/?zapapiformat=JSON&formMethod=GET&contextFile=some-test-context.context" -H "cache-control: no-cache"
HERE I launch selenium test with browser bind to a proxy:2355
Starting spider
curl -X GET "http://localhost:2355/JSON/spider/action/scan/?zapapiformat=JSON&apikey=&formMethod=GET&url=&maxChildren=&recurse=&contextName=some-test-context&subtreeOnly=" -H "cache-control: no-cache"
Starting active scan
curl -X GET "http://localhost:2355/JSON/ascan/action/scan/?zapapiformat=JSON&apikey=&formMethod=GET&url=&recurse=&inScopeOnly=&scanPolicyName=&method=&postData=&contextId=2" -H "cache-control: no-cache"
(2, because there is always id#1 context, Default one)
And in the end I'm getting report
curl -X GET "http://localhost:2355/OTHER/core/other/htmlreport/?formMethod=GET" -H "cache-control: no-cache" -H "content: application/json"
I'm pretty sure the context path is correct and exists (no read error)
I'm pretty sure I specified correct name of context and id
Anyway, when I get report, there are scan results NOT only on the URL from the context. But also on production links, 3rd party sites, etc.
Am I expecting smth wrong or forgetting smth?
The browser will be requesting those URLs. ZAP will perform passive scanning on all requests that are proxied through it, and any potential vulnerabilities it finds will end up in the report. So its working as expected :)
You can either just ignore them or use one of the optional add-ons that allows you to filter the report.
You could define a Context that includes the sites/apps that you want results for (right click, add to context, in the history tab or sites tree) and enable the passive scan option that limits scanning to only messages that are in-scope.
Contexts can also be exported and imported for clean re-use.
Supporting references:
https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsPscanner
https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsContexts

Example REST Extension does not xdmp:log anything when invoking POST

I trying to debug a REST extension in MarkLogic by using xdmp:log() inside the XQuery. Seems I am having some issues invoking a POST call in general actually...? Bit confused now.
I use the exact example code as from the MarkLogic documentation here
I installed it via Roxy > deploy > ext
It is there when I look into http://host:port/v1/config/resources
The PUT command provided in the doc works and returns the "Done".
But I cannot get the POST statement to dump the xdmp:log messages in the errorlog.txt on the server?
I tried several curl commands:
curl --anyauth --user admin:admin -X POST http://host:8040/LATEST/resources/example
curl: (52) Empty reply from server
Question: What is the correct curl command to trigger the examples POST functon so something shows up in the log?
This is a curl issue. You need to specify a request body for curl to send.
curl --anyauth --user admin:admin -X POST -d '{"key":"value"}' http://host:8040/LATEST/resources/example
Or if you want to send an empty body just do this:
curl --anyauth --user admin:admin -X POST -d '' http://host:8040/LATEST/resources/example

ApiAxle: cannot access stat URL in order to view analytics

I am following the instructions at: http://apiaxle.com/docs/statistics-and-analytics-in-apiaxle/ . Unfortunately currently (May 17, 2014) apiAxle is redirecting me to the endPointserver and I am not getting statist
menelaos:~$ curl 'http://localhost:3000/v/api/test/stats?
granularity=hour&format_timestamp=ISO'
Response:
{"meta":{"version":1,"status_code":404},"results":{"error":
{"type":"ApiUnknown","message":"No api specified (via subdomain)"}}}
I also tried using the subdomain but that didn't work either:
menelaos:~$ curl 'http://test.api.localhost:3000/v/api/test/stats?granularity=hour&format_timestamp=ISO'
Typically you run multiple instances of apiaxle-proxy (which provides access to your endpoints), and a single instances of apiaxle-api (which provides access to statistics, key creation, and other API management functionality).
For example, you might be running the proxy like this:
apiaxle-proxy -f 1 -p 3000 -q
To run the API, you would run something like this:
apiaxle-api -f 1 -p 5000 -q
Note that the API needs to run on a separate port. Also note that it shouldn't be accessible to the outside world as it doesn't have any authentication.
Using the above example, your curl command would look like this:
curl -H 'content-type: application/json' \
-X GET \
'http://localhost:5000/v1/api/test/stats' \
-d '{"granularity":"hour","format_timestamp":"ISO"}'
Note that the parameters need to be sent as JSON.