API Everything

Operation Chatops

Initial Setup

Pre-req’s to follow along:

A Hypervisor inside your network
A Firewall inside your network
A Domain with some DNS-Fu pointing to your Firewall
Webex installed locally

Create Server to host bot code:

Go to https://ubuntu.com/download/server and download the latest Ubuntu Server ISO.
Log into your hypervisor and upload the iso.
Start a new VM and assign the iso. I’m trying 1CPU/2GB for assigned resources.
Install Ubuntu Server, assign a static IP and create a strong username password combo.
Make sure you update the packages with sudo apt update && sudo apt upgrade -y. Just do it. Once it’s upgraded, you’ll be on Pytyhon 3.10.6 or higher, which you want. You can check this with $python3 –version.
I installed the most minimal Ubuntu Server possible so I had to install iputils-ping, net-tools, htop, nano, ssh, and python3-pip.
You will have to install python3-pip with sudo apt install python3-pip, and some cli text editor.

Create a bot at developer.webex.com:

Go log into developer.webex.com.
Click Start Building Apps, click Bot, and assign values.
The Bot Name is a friendly name.
The Bot username is the actual bot address that you will use to msg it from within Webex Teams.
Once you create the bot, you’ll be taken to a Congrats screen which shows you a Bot Access Token. RECORD THIS, you will never be able to see it again! It’s important to have because it is essentially your bot’s API Key.
Also save the Bot ID.
I save the following to a textfile:

1. Bot Name aka
2. Bot ID aka
3. Bot Access Token aka

Install Ngrok on Server:

Install Ngrok, following this guide –> https://ngrok.com/download.
Go ahead and sign up for a free Ngrok account, so that you can get around the 2hr time limit.
Sign into ngrok.com and get your access token, under Getting Started > Your Authtoken.
Add your ngrok authtoken to your server using the linked instructions above.
Start up ngrok on whatever port you choose, aka . Run ngrok on and leave the process running! Copy the Forwarding Address from the Ngrok output, this is for the bot code portion below!

Prep Your Firewall:

Poke a hole through your firewall for port 53 and . I'd want to caution you against placing the entire server out on a DMZ, but your network setup may vary. I am allowing SNAT from my Ubuntu Server through firewall on only the two ports mentioned above, you should do the same.

Install bot code on Server:

Install the pypi package named webexteamsbot.
Just do a pip install webexteamsbot. Don’t sudo.
Create a test.py file.
Paste in the following code, editing anything within .

from webexteamsbot import TeamsBot

# Retrieve required details from environment variables
bot_name = <not_name> # Bot's friendly name
bot_email = <bot_email>  # Bot's [email protected] address
teams_token = <teams_token>  # The API Key you saw when creating the bot
bot_url = <ngrok_url>  # The Forwarding URL that ngrok shows
approved_users = ["<your_webex_email>"]  # This locks the bot down to only yourself

# Create a Bot Object
bot = TeamsBot(
    teams_bot_name=bot_name,
    teams_bot_email=bot_email,
    teams_bot_token=teams_token,
    teams_bot_url=bot_url,
    approved_users=approved_users
)

# A simple command that returns a basic string that will be sent as a reply
def do_something(incoming_msg):
    """
    Sample function to do some action.
    :param incoming_msg: The incoming message object from Teams
    :return: A text or markdown based reply
    """
    return "i did what you said - {}".format(incoming_msg.text)

# Add new commands to the box.
bot.add_command("/dosomething", "help for do something", do_something)

if __name__ == "__main__":
    # Run Bot
    bot.run(host="0.0.0.0", port=<ngrok_port>)

Alright, now RUN the python script. Python3 test.py.
Note: In the output, you are looking for the following…Correct Teams Bot Email, a Webhook ID, a Flask App name that matches your bot’s friendly name, and that it stays open and running.

At this point, you should have the following:

1. A server to host code.
2. A webex bot created in developer.webex.com.
3. An ngrok account, ngrok auth’ed and running in server.
4. A hole in your firewall, sufficiently small for security.
5. A webexteamsbot python script running in the server.
   Now, take a deep breath, and msg your bot. Send it the text “/dosomething”.

You should see some things.
a. Ngrok should have picked up a POST / 200 OK.
b. The python script should have logged a message from your email address, found command /dosomething, and served two POST’s.
c. In Webex, the bot should have responded “i did what you said…” blah blah blah.

If all of the above is true, then now we are getting somewhere.
If not all of the above is true, then you will now either go back through, troubleshooting from the lowest level on up on your day off, while pulling your hair out…or you will not reap the rewards of connecting your bot to APIs for weird stuffs.

Next up on my list is tear-down of the bot, revising it so that it persists through reboots, and refreshes it’s ngrok url if necessary.

Then, onto conencting it to my on-prem Wazuh server.

My current end-game is to use this Webex Bot to tell an OSSEC Agent on my teenager’s computer to KILL THE INTERNET via a simple webex chat msg, while I resentfully lay in my bed trying to sleep. And maybe some sort of alerting for security, who knows.

I’ll be back with more, later.