CS338 Computer Security
Monday, 30 October 2023

+ Questions about ARP, etc.?

+ Cookies on Burpsuite
    - Launch Burpsuite
        Go to Proxy tab
        Launch browser
        Toggle interception on and off depending on your needs
        Check out the HTTPHistory tab
    - Use Burpsuite to watch the cookie mechanism
        Response header
        Request header
        Storage (browser inspector somewhere; Application -> Cookies on Chrome)
    - Questions
        - Describe the basic cookie sequence of events
        - What happens if you edit a cookie in your browser and revisit the site?
        - Which cookies get sent to which servers? Does subdomain matter?

+ Cookies as useful tool
    - List some features, useful to a site visitor, that could be implemented with cookies.
        - e-commerce: cat food search is stored in cookie, you get to see more cat food ads
        - account preferences (e.g., YouTube what to show)
        - keeping you logged in between accesses
        - dark vs. light mode
        - saving your starting location on a map service
        - scrolling, page #, related features
        - save your progress in your most recent video/something
        - shopping cart
    - List some features, useful to a site manager, that could be implemented with cookies
        - e-commerce: cat food search is stored in cookie

+ Web pages
    - Turn on interception in Burpsuite and go to some normal page
    - What GET requests are involved in loading one page?
    - How many different file types are involved?
    - How many different domains are involved?
    - Are cookies set on all of those domains? Some? None?

+ Cookies as surveillance
    - Think from the "surveillance capitalist's" point of view
    - Think from your own point of view
    - How do the mechanisms work?
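
Added example (not part of the original class notes): a simplified JavaScript model of the RFC 6265 Domain rules behind the question "Which cookies get sent to which servers? Does subdomain matter?", to compare against the Set-Cookie and Cookie headers seen in Burpsuite. The `CookieJar` class, `domainMatch`, `demo`, and the hosts `example.com` and `other.test` are constructed for illustration.

```javascript
// Added example: simplified RFC 6265 Domain handling. Not modelled: Path,
// Secure, expiry, SameSite, IP-address hosts, the public-suffix list.
// True if host is the domain itself or one of its subdomains.
function domainMatch(host, domain) {
  const h = host.toLowerCase(), d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Process one Set-Cookie value received from responseHost; false means rejected.
  store(responseHost, setCookie) {
    const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false;
    // No Domain attribute: host-only cookie, returned to the exact host only.
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                     domain: responseHost.toLowerCase(), hostOnly: true };
    for (const attr of attrs) {
      const [k, v = ""] = attr.split("=").map((s) => s.trim());
      if (k.toLowerCase() !== "domain" || v === "") continue;
      const d = v.replace(/^\./, "").toLowerCase();
      // A server may only name its own host or a parent domain.
      if (!domainMatch(responseHost, d)) return false;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
    // A cookie with the same name and domain overwrites the stored one.
    this.cookies = this.cookies.filter(
      (c) => !(c.name === cookie.name && c.domain === cookie.domain));
    this.cookies.push(cookie);
    return true;
  }
  // Cookie header value the browser would attach to a request for requestHost.
  header(requestHost) {
    const h = requestHost.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
}

// Constructed sample exchange (example.com and other.test are placeholder hosts).
function demo() {
  const jar = new CookieJar();
  jar.store("www.example.com", "theme=dark");
  jar.store("www.example.com", "session=abc123; Domain=example.com");
  const rejected = !jar.store("www.example.com", "track=1; Domain=other.test");
  return [jar.header("www.example.com"), jar.header("shop.example.com"),
          jar.header("other.test"), rejected];
}
```

The cookie set without a Domain attribute stays on `www.example.com`, while the one set with `Domain=example.com` is also sent to sibling subdomains such as `shop.example.com`.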