Pen-testing Cookie Cadger continues where Firesheep left off
Posted on 01 October 2012.
When the Firesheep extension was revealed to the world in late 2010, its developer said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL.

Since then, many big sites such as Twitter, Facebook, Hotmail and others have either turned on HTTPS by default or have given their users the option to switch it on.

Having partially achieved his goal, Firesheep developer Butler hasn't bothered with updating the extension, which hasn't worked since Firefox 3.x.

Still, there are other developers who have taken up the torch, and among them is Matthew Sullivan, a graduate student in the Information Assurance and Computer Engineering departments at Iowa State University, who on Sunday presented his "Cookie Cadger" to the crowd assembled at this year's DerbyCon.

"Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis," Sullivan explains on the program's official website.

It's an open source pen-testing tool made for intercepting and replaying specific insecure HTTP GET requests into a browser.

You can download the app immediately if you are prepared to pay at least $10 (the proceeds go to Hackers for Charity), or you can wait a few weeks and download the source code for free.

The tool works on Windows, Linux, or Mac, and requires Java 7 and “tshark” – a utility that's part of the Wireshark suite.

"Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode," Sullivan adds, and points out that the software is still in beta, so issues and bugs are likely.

