Category: Security

Posted on

Getting data from API works in Postman but not working in localhost

If you are getting the data from an external API when using Postman, but when you try the code provided by Postman in your local host you get no data. A reason for that could be the SSL, first, try to install SSL for your local hosting server. Usually, OpenSSL will do the trick. Here is a link to a step-by-step of how to install SLL over WAMP.

https://infyom.com/blog/how-to-enable-localhost-https-ssl-on-wamp-server

If you still can’t connect to the external API, the reason could be an issue with the SSL certificate validation. (after all, this is a self-signed certification). This error usually occurs when the certificate authority (CA) that issued the SSL certificate used by the server you’re trying to connect to is not recognized or trusted by your system.

If you are using cURL, to resolve this issue, you have a few options:

1- Update your CA certificates: Your system’s CA certificate bundle might be outdated. You can try updating it to include the latest CA certificates. The location of the CA certificate bundle can vary depending on your operating system and cURL installation. In some cases, it may be located at /etc/ssl/certs/ca-certificates.crt.

2-Specify the CA certificate bundle path explicitly: If you have access to the CA certificate bundle, you can specify its path explicitly using the –cacert option with cURL. For example:

curl --cacert /path/to/ca-certificates.crt https://example.com

3- Ignore certificate validation (not recommended): If you’re in a development or testing environment and certificate validation is not crucial, you can bypass the certificate validation check using the -k or –insecure option with cURL. However, this approach is not recommended in production environments because it exposes you to potential security risks. Example:

curl -k https://example.com

If you are using PHP, here is an example

<?php

// Create a cURL handle
$ch = curl_init();

// Set the URL
curl_setopt($ch, CURLOPT_URL, "https://example.com");

// Disable SSL certificate verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

// Execute the request
$response = curl_exec($ch);

// Check for errors
if ($response === false) {
    $error = curl_error($ch);
    echo "cURL error: " . $error;
}

// Close the cURL handle
curl_close($ch);
?>
Posted on

Password protect a folder in xampp

Here is how to protect a folder with username and password in xampp :

  1. Open the command promote
  2. Go to your xampp folder and then go to: /apache/bin/
  3. Run this command :

    htpasswd.exe -c -b .htpasswd my_user _name my_password

    Don’t forget Change “my_user_name” and “my_password”
  4. A file with the name of .htpasswd will be created at the folder of /apache/bin
  5. Create a file with the name of : .htaccess at the folder you want to protect ( don’t forget the dot in .htaccess)
  6. Write the following in the .htaccess file:

    AuthType Basic
    AuthName “v3d”
    AuthUserFile “c:/xampp/apache/bin/.htpasswd”
    require valid-user

    Note that the path in AuthUserFile line (c:/xampp/apache/bin/.htpasswd) is the path to your xampp folder where the .htpasswd file is created, very important to keep this file away from the httdocs folder.

Posted on

How to solve “gpg: public key decryption failed: Bad passphrase” in batch file

If you are trying to decrypt a file or a bunch of files using batch file in windows you will write something like this:

gpg --pinentry-mode=loopback --batch --yes --passphrase "abc%123" --decrypt-files *.pgp

and you put the above code in a .bat file and run it but you got an error like:

gpg: public key decryption failed: Bad passphrase

You are 1000% sure the passphrase is correct .. well the problem is in the passphrase itself as it contains a special character that needs to be escaped .. in the above example , the passphrase : “abc%123” must be written like this: “abc%%123” as %% is the escape of % … for a complete list of batch file escape characters , check this link

in case if you are wondering about the meaning of
–pinentry-mode=loopback  
it is used to prevent the gui from pooping up and asking for the passphrase.

Another important point , to make the batch option work without problem .. you have to make sure that the encrypted file extensions is *.pgp