Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
wickrio_web_interface
Advanced tools
The official WickrIO Web API tool. Allows to send HTTP requests to communicate with the WickrIO API, and also makes it possible to create Wickr Integrations using any programming language.
To get started with the WickrIO Web API Interface:
First, you would need to setup your system, download and install Docker and run the WickrIO Docker container. Full instructions on how to do so are available here: https://wickrinc.github.io/wickrio-docs/#wickr-io-getting-started
Run configure.sh after installing the Web API Interface software module, it will propmpt you to configure several properties that are needed to access the URL endpoints. The WickrIO console will walk you through entering the following values:
For HTTPS and SSL support, you need an OpenSSL certificate file and a key file. Both can be created with the following command:
``` openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my.key -out my.cert ``` ### AuthenticationThis version of the Web Interface supports basic authentication. The authentication will use the "Authorization" HTTP header to send the necessary authentication information to the Wickr IO server. If the proper authentication information is not presented to the Wickr IO server then an HTTP 401 response will be sent.
When using basic authentication, a base64 encoded string will be sent to the Wickr IO server. The following steps should be performed for basic authentication:
This section describes the REST APIs that are supported by the 2.x version of the Wickr IO Web Interface integration. The following table identifies each of the actions the API supports, the type of HTTP request and the URL used.
API | HTTP | URL |
---|---|---|
Send Message | POST | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Messages |
Set Message URL Callback | POST | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/MsgRecvCallback?callbackurl=<url> |
Get Message URL Callback | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/MsgRecvCallback |
Delete Message URL Callback | DELETE | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/MsgRecvCallback |
Get Received Messages | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Messages?start=<index>&count=<number> |
Get Statistics | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Statistics |
Clear Statistics | DELETE | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Statistics |
Create Secure Room | POST | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms |
Get Room | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms/<vGroupID> |
Get Rooms | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms |
Delete Room | DELETE | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms/<vGroupID> |
Leave Room | DELETE | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms/<vGroupID>&reason=leave |
Modify Room | POST | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Rooms/<vGroupID> |
Create Group Conversation | POST | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/GroupConvo |
Get Group Conversations | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/GroupConvo |
Get Group Conversation | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/GroupConvo /<vGroupID> |
Delete Group Conversation | DELETE | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/GroupConvo/<vGroupID> |
Get Directory | GET | https://<host>:<port>/WickrIO/V1/Apps/<API Key>/Directory |
The <API Key> value is the value you entered during the configuration of the Wickr Web Interface intagration.
FAQs
WickrIO Node.JS API Web Interface
We found that wickrio_web_interface demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.