Skip to main content

Mist AI vs Clarke’s Law: Magic is Technology we don’t understand yet.

Packet Magician

Have you ever watched a magician perform a magic trick and wondered how he did it?
Today I’m going to reveil the magic that Packet Magician Peter MacKenzie is using to block his kids internet.

If you’ve been in Peter’s JNCIS MistAI class you’ve probably seen him say “hey Siri, Block Luke’s internet” with an evil grin on his face.  If not, Jussi Kiviniemi got a screenshot of it on twitter.

Did you get an Mist AP on one of the Wireless Wednesdays and want to get your kids to the dinner table? Or do you just want to show off to your boss by enabling the guest network by a voice command? Then keep reading.

Getting the right code

Everything that we do in the Mist UI is translated into API calls. So first off we need to get the right API call. I’m going to use the block internet example here, but you can to the same with enabling or disabling an SSID.

As we are using a WxLAN policy that blocks access for a client we need to build that rule first.
It is made of 3 components, a group of clients, an action (block) and a resource.

First off I created a label under Network -> Labels.
Here I grouped the mac addresses for my kids devices

Labels

Next I needed to build the policy, again on the site level so under Network -> Policy I created a policy using the label Kids and blocking them access to All resources. I’ve saved the rule and then DISABLED it. In the end I’ve created 3, each one of my boys individually, and them all combined.

Wxlan Policies

Now this is where the magic happens, now I need to build or steal the API call needed to to enable the rule I want.  Building is quite hard but there is loads of documentation found here and here.
So I’m going to show you how to steal the API call. For that the I’m going to open the Mist UI using Google Chrome.

Under the Menu -> More Tools you can find Developer Tools.
With these Developer Tools we can see everything our browser is doing on a webpage. This can be a lot so I’ve added a filter to just show me things to api.mist.com

Chrome Developer Tools

So now when I enable the policy and press save I can see the actual API calls made:
API Call displayed

You can see the PUT method as we are changing a value not a POST and creating a new entry. And in the body we see the “Enabled” set to “True”
Enabled

The API call and the Enabled : True is what we need for our plan. The only other thing we need is API access. We need an API token.

API Token:

If you are logged in to the Mist UI you can get a token by going to the following URL : https://api.mist.com/api/v1/self/apitokens

you should see something like this, though yours might be blank.
API Token

To get a token just press the post button at the bottom BUT the token wil only be shown to you ONCE!

API Token revealed

Save it in your password vault as this is your access to everything your account is entitled to in the Mist Environment!

Siri

Now lets get this stuff over to Siri. On your IOS device if you haven’t already install the shortcuts app.

Now we’re going to add a new shortcut by using the + icon.

For type of shortcuts choose Web.
Then under Web Requests choose Get Contents of URL.

This is where we need to add our collected components :

Siri Shortcuts

Now name it, save it and go bully your kids! Oh and don’t forget to create an Enable Kids Internet. Just to the same thing again but set Enabled to False!