I write a lot of Python scripts that interact with websites using the requests module. To figure out the requests I need to make for say, logging in, I do the process manually while Burp Suite is running and then model it. It wasn’t until a few days ago while debugging that I wondered if I could proxy my Python programs to make sure it was sending the correct data.
I’ve written several skills using the Flask-Ask framework but found Amazon’s basic tutorial to only work for short-term projects that would not be officially published. Recently, I wrote a post here about the environment I created to be a fast and reliable host for my published skills, specifically Explain Like I’m Five. That post explains the components and my reasons for using them. This is the technical guide to setting up that environment.
I first became interested in the Alexa Skills Kit when I got a strip of LED lights for Christmas. Python is my go to language so I used the Flask-Ask framework on a Raspberry Pi to make them change colors, flash, etc. with my voice. The code was very basic, and the networking with ngrok was messy. The endpoint domain had to be changed in the skill’s configuration every time ngrok was stopped or my Raspberry Pi restarted.
A while ago I wrote an introduction to virtual private networks. I have an odd love for this technology and the wide array of uses that come with implementing it. What used to be a tool for enterprise use is now almost a commonly known term. Just this evening, NPR ran a story about normal people using VPNs to deter spying by internet providers and the government. They recommend the safest way to use a VPN is to host it yourself. Today it is easier than ever to configure a quality VPN server.
Opening up a computer to the world exposes it to a plethora of bots scanning for default credentials, unpatched vulnerabilities, among other things. It’s important to take this into consideration when configuring a publicly facing service. Key exchange or a strong password, access control, and keeping on top of updates are a must. When I first got to campus which has a mostly public facing network, I was amazed at the number of bots constantly scanning everything and anything.