 

Posts Tagged ‘API’

How to delete a Ghost/Empty SignalFx Dashboard Group

19 Jun 2020

The Problem

I ran into an issue when working with SignalFx where I was unable to delete a dashboard group that contained no dashboards. The only way to delete a dashboard group is to first visit a dashboard belonging to the dashboard group itself and then use the meatball menu next to the dashboard group name to delete the group and all dashboards/charts belonging to the group.

This is an example of what I have coined a ghost dashboard group:
[Image: SignalFX Ghost Dashboard Group]

The only workaround is to use the SignalFx API to retrieve the dashboard group's id and then use that to visit a special link.

Steps:

  1. Use your favourite tool to make an API request to the following SignalFx dashboard group endpoint and set the name parameter to the name of the dashboard group you are trying to delete.
  2. Retrieve the dashboard group id from the response.
  3. Find a working valid dashboard in your organisation and copy the link. It should look something like this:
  4. Replace the groupId parameter in the link above with the id we retrieved in step 2.
  5. Visit this URL. The page should load with the same dashboards, but the group shown should be the dashboard group we want to delete.
  6. Delete the ghost dashboard group using the option in the meatball menu.
    Note: The dashboard being shown on the page will not be deleted, only the ghost dashboard group will be.

    [Image: SignalFX Delete Ghost Dashboard Group]

 

Posted in Miscellaneous

 

Hackvent 2019: Day 11

11 Dec 2019
CTF: Hackvent 2019
Link to challenge: https://academy.hacking-lab.com
Date Completed: 11 December 2019

 

Challenge

HV19.11 Frolicsome Santa Jokes API

 

Html file mirror: FSJA API Description

Solution

We have the spec for the FSJA API that the elves have made. We use Postman to play around with the API to get a feel for how it works.

Following the instructions, we are able to register a new user and authenticate to get a token.
We use the following payload for our user data:

Upon logging in with the /fsja/login endpoint we get a token which looks like this:

The token looks like base64 encoded data. In fact, it happens to be a JWT token.

We finally use the /fsja/random endpoint to get a joke:

The platinum field stands out to me the most.
As a random hunch, I decide to register a user and provide the platinum field value in the payload myself like so:

I generate another joke and the API kindly provides us with our flag:

Flag: HV19{th3_cha1n_1s_0nly_as_str0ng_as_th3_w3ak3st_l1nk}
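
An API that accepts a client-supplied platinum field at registration, as found above, has a mass-assignment flaw. The following is an added example, not code from the challenge or from the original post: it puts a handler that copies every request field beside one that allow-lists them. The username and password field names, the sample bodies and all function names are assumptions.

```python
import json

# Constructed sample requests. Only the `platinum` field name comes from the
# write-up; `username` and `password` are assumed field names.
NORMAL_BODY = '{"username": "elf1", "password": "s3cret-pass"}'
ELEVATED_BODY = '{"username": "elf2", "password": "s3cret-pass", "platinum": true}'

CLIENT_FIELDS = {"username", "password"}   # what a client may set
SERVER_DEFAULTS = {"platinum": False}      # privilege flag, owned by the server


class RejectedRequest(ValueError):
    """Raised when a registration body contains anything unexpected."""


def register_vulnerable(body: str) -> dict:
    """Mass assignment: every key in the body is copied into the user record."""
    user = dict(SERVER_DEFAULTS)
    user.update(json.loads(body))  # a client-sent "platinum" overrides the default
    return user


def register_hardened(body: str) -> dict:
    """Bind only allow-listed fields and reject the rest, so probing is visible."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise RejectedRequest("body must be a JSON object")
    unknown = sorted(set(data) - CLIENT_FIELDS)
    missing = sorted(CLIENT_FIELDS - set(data))
    if unknown or missing:
        raise RejectedRequest(f"unknown={unknown} missing={missing}")
    # Password hashing is omitted here to keep the focus on field binding.
    user = {name: data[name] for name in CLIENT_FIELDS}
    user.update(SERVER_DEFAULTS)  # privilege is assigned by the server only
    return user


if __name__ == "__main__":
    print(register_vulnerable(ELEVATED_BODY))
    print(register_hardened(NORMAL_BODY))
    try:
        register_hardened(ELEVATED_BODY)
    except RejectedRequest as err:
        print("rejected:", err)
```

Rejecting unknown fields instead of silently dropping them also gives the server a log line to alert on when a client probes for privileged attributes.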

 

Bonus

This challenge also contained the solution to HV19.H2 Hidden Three

 

Posted in Hackvent 2019

 

Fixing Mixed Content warnings using CRONjobs

02 Dec 2015

So if you, like myself, have an HTTPS-only website, you may have noticed that your green bar, green label or security shield (image below) disappears if your webpage fetches an image from another website over HTTP and not HTTPS.

[Image: HTTPS Secure Chrome Lock]

Now this isn’t an issue in itself, which is why all modern browsers only produce a small warning in the console.

[Image: Mixed Content Message in Console]

Unfortunately, most browsers also remove the secure label, and most business websites want to display their secure logo for customer reassurance reasons if nothing else. Personally, I just think it looks cool so I like to keep it green.

 

Easy (Obvious) Solution

The obvious solution is to host the image yourself or move the image to a website that supports HTTPS (like imgur.com).

However! The real issue is when the image is being produced by some API and you do not have access to the source code of the script producing the image.

Cronjobs!

Okay so in this case, we are using some API which regularly updates an image.
We want our CRON job to run daily (or whenever required based on your needs) and to download that image and store it locally, so that your website has access to it (over HTTPS!)
This makes all the mixed content errors disappear.
I came up with the following bash script in my case:

Simply save this as some_name.sh and add a CRONjob to run the script at some interval (like daily at 3AM when your server isn’t being used much).

Check out this post on how to make CRONjobs:
http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/

 

 

Posted in Server Management