Burp Suite Analysis By Noah Berson


debby-jeon
Uploaded On 2018-03-07


Presentation Transcript

Slide1

Burp Suite Analysis

By Noah Berson

Slide2

Initial Peek

Confirmed the use of OAuth for their SSO system

Able to read user-agent info of the user

Additional tracking data that is being captured

Slide3

Text slightly obscured since the username and passwd fields were visible in plaintext here for the POST

Also easily visible in the parameters, as sorted data for the POST

Slide4

Logged In cookie

The parameters show a lot of information about the session, which would let someone spoof the session. It also shows the zip code of the user.

Advanced Burp Suite could modify the parameters in any way it wished

Slide5

3rd party info

We can see the sites Comcast connects to for advertisements. oas.central.Comcast.net seems to be internal but is part of a different company, possibly a partnership

Rubicon Project is an advertising company based in LA.