Francisco Javier Espinosa Pineda
Task 1: Description and Analysis of the Collection Data Scripts
This is the report for the analysis of requested demo site with URL: http://fh-demo-site.groupib.com/, in order to make an identification of scripts that are meant to collect user data and be
sent to a remote server through GET/POST methods, following are the descriptions of the
scripts that are in charge of doing this tasks:
1.- Identification of the script
The script in charge of collecting the user data is the sb.js which initially only gets the next
parameters identified through the object navigator which basically gets only the data of the
browser used to visit the website through the UserAgent property, as seen in the next
visualization of the console debbuger:
2.- Identification of the method to pass the parameters collected
It can be seen in the console that all are XMLHttpRequests that the sb.js script passes the
parameters through a POST request:
The parameters passed are the next ones, including the “User-Agent” parameter which
contains the data collected from the user:
3 & 4.- identification of the server and the state of the script
As per the previously analysis performed, we can see that all parameters are sent to the
sbbe.group-ib.ru server and it looks like the script doesn’t change as time passes, it only keeps
sending the same information repeatedly.
0
