A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with
the right
Accept
header
to the server to view the underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"litepub": "http://litepub.social/ns#",
"directMessage": "litepub:directMessage",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
}
}
],
"id": "https://infosec.exchange/users/breditor/statuses/109838641727578519/activity",
"type": "Create",
"actor": "https://infosec.exchange/users/breditor",
"published": "2023-02-10T04:51:05Z",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://infosec.exchange/users/breditor/followers"
],
"object": {
"id": "https://infosec.exchange/users/breditor/statuses/109838641727578519",
"type": "Note",
"summary": null,
"inReplyTo": null,
"published": "2023-02-10T04:51:05Z",
"url": "https://infosec.exchange/@breditor/109838641727578519",
"attributedTo": "https://infosec.exchange/users/breditor",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://infosec.exchange/users/breditor/followers"
],
"sensitive": true,
"atomUri": "https://infosec.exchange/users/breditor/statuses/109838641727578519",
"inReplyToAtomUri": null,
"conversation": "tag:infosec.exchange,2023-02-10:objectId=43631667:objectType=Conversation",
"content": "<p>Quick and dirty @okta win: deny authentication to workforce apps from anonymising proxies. If you don’t have network-based controls for this, the blunt way is to add a dynamic network zone in Okta (pictured) that blocks these requests pre-authentication.</p><p>The cons: some loss of visibility into adversary behaviors, and it’s tricky to make exceptions. <br />The pros: adding friction and risk to the sort of adversary whose MO is buying access to stolen session tokens. </p><p>In my experience there are relatively few orgs with staff that have a genuine need to authenticate using anonymizing services. More often the admin didn’t know it was this easy to do.</p>",
"contentMap": {
"en": "<p>Quick and dirty @okta win: deny authentication to workforce apps from anonymising proxies. If you don’t have network-based controls for this, the blunt way is to add a dynamic network zone in Okta (pictured) that blocks these requests pre-authentication.</p><p>The cons: some loss of visibility into adversary behaviors, and it’s tricky to make exceptions. <br />The pros: adding friction and risk to the sort of adversary whose MO is buying access to stolen session tokens. </p><p>In my experience there are relatively few orgs with staff that have a genuine need to authenticate using anonymizing services. More often the admin didn’t know it was this easy to do.</p>"
},
"attachment": [
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/838/637/753/082/184/original/9f808023f2623abc.png",
"name": null,
"blurhash": "UASF@Ts.9FRiWARks:R*00f5RjofxtM{WAj]",
"width": 1536,
"height": 975
}
],
"tag": [],
"replies": {
"id": "https://infosec.exchange/users/breditor/statuses/109838641727578519/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://infosec.exchange/users/breditor/statuses/109838641727578519/replies?only_other_accounts=true&page=true",
"partOf": "https://infosec.exchange/users/breditor/statuses/109838641727578519/replies",
"items": []
}
},
"likes": {
"id": "https://infosec.exchange/users/breditor/statuses/109838641727578519/likes",
"type": "Collection",
"totalItems": 2
},
"shares": {
"id": "https://infosec.exchange/users/breditor/statuses/109838641727578519/shares",
"type": "Collection",
"totalItems": 0
}
}
}