Pen-testing Cookie Cadger continues where Firesheep left off
Posted on 01 October 2012.
When the Firesheep extension was revealed to the world in late 2010, its developer, Eric Butler, said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL.

Since then, many big sites such as Twitter, Facebook, Hotmail and others have either turned on HTTPS by default or have given their users the option to switch it on.

Having partially achieved his goal, Butler hasn't bothered with updating the extension, which hasn't worked since Firefox 3.x.

Still, there are other developers who have taken up the torch, and among them is Matthew Sullivan, a graduate student in the Information Assurance and Computer Engineering departments at Iowa State University, who on Sunday presented his "Cookie Cadger" to the crowd assembled at this year's DerbyCon.



"Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis," Sullivan explains on the program's official website.

It's an open source pen-testing tool made for intercepting and replaying specific insecure HTTP GET requests into a browser.

You can download the app immediately if you are prepared to pay at least $10 (the proceeds go to Hackers for Charity), or you can wait a few weeks and download the source code for free.

The tool works on Windows, Linux, or Mac, and requires Java 7 and “tshark” – a utility that's part of the Wireshark suite.

"Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode," Sullivan adds, and points out that the software is still in beta, so issues and bugs are likely.
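For site owners, the practical question raised by tools that replay insecure HTTP requests is which of their cookies can ever travel in cleartext. The following is an added example, not part of the original article or of Cookie Cadger: it audits `Set-Cookie` headers for cookies that were set over plain HTTP or that lack the `Secure` attribute. The host `shop.example`, the cookie values and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: (URL the response came from, its Set-Cookie values).
SAMPLE_RESPONSES = [
    ("https://shop.example/login", [
        "session=3f9a1c; Path=/; HttpOnly",            # no Secure attribute
        "csrf=77ab; Path=/; Secure; SameSite=Strict",
    ]),
    ("http://shop.example/", ["prefs=dark; Path=/; Secure"]),
    ("https://shop.example/account", ["auth=9d2e; Path=/; secure; HttpOnly"]),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.lower()] = value  # attribute names are case-insensitive
    return name, attrs


def exposed_cookies(responses):
    """Return (url, cookie, reason) for cookies a passive listener could read."""
    findings = []
    for url, headers in responses:
        cleartext = urlsplit(url).scheme.lower() != "https"
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if cleartext:
                # The header itself crossed the network unencrypted.
                findings.append((url, name, "set over cleartext HTTP"))
            elif "secure" not in attrs:
                # The browser will attach this cookie to http:// requests too.
                findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in exposed_cookies(SAMPLE_RESPONSES):
        print(f"{name:8} {reason:26} {url}")
```
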





