Pen-testing Cookie Cadger continues where Firesheep left off
Posted on 01 October 2012.
When the Firesheep extension was revealed to the world in late 2010, its developer said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL.

Since then, many big sites such as Twitter, Facebook, Hotmail and others have either turned on HTTPS by default or have given their users the option to switch it on.

Having partially achieved his goal, Butler hasn't bothered with updating the extension, which hasn't worked since Firefox 3.x.

Still, there are other developers who have taken up the torch, and among them is Matthew Sullivan, a graduate student in the Information Assurance and Computer Engineering departments at Iowa State University, who on Sunday presented his "Cookie Cadger" to the crowd assembled at this year's DerbyCon.



"Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis," Sullivan explains on the program's official website.

It's an open source pen-testing tool made for intercepting and replaying specific insecure HTTP GET requests into a browser.

You can download the app immediately if you are prepared to pay at least $10 (the proceeds go to Hackers for Charity), or you can wait a few weeks and download the source code for free.

The tool works on Windows, Linux, or Mac, and requires Java 7 and “tshark” – a utility that's part of the Wireshark suite.

"Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode," Sullivan adds, and points out that the software is still in beta, so issues and bugs are likely.





