Pen-testing Cookie Cadger continues where Firesheep left off
Posted on 01 October 2012.
When the Firesheep extension was revealed to the world in late 2010, its developer, Eric Butler, said that his main goal was to get sites to switch to full end-to-end encryption, i.e. SSL.

Since then, many big sites such as Twitter, Facebook, Hotmail and others have either turned on HTTPS by default or have given their users the option to switch it on.

Having partially achieved his goal, Butler hasn't bothered with updating the extension, which hasn't worked since Firefox 3.x.

Still, there are other developers who have taken up the torch, and among them is Matthew Sullivan, a graduate student in the Information Assurance and Computer Engineering departments at Iowa State University, who on Sunday presented his "Cookie Cadger" to the crowd assembled at this year's DerbyCon.



"Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis," Sullivan explains on the program's official website.

It's an open source pen-testing tool made for intercepting and replaying specific insecure HTTP GET requests into a browser.

You can download the app immediately if you are prepared to pay at least $10 (the proceeds go to Hackers for Charity), or you can wait a few weeks and download the source code for free.

The tool works on Windows, Linux, or Mac, and requires Java 7 and “tshark” – a utility that's part of the Wireshark suite.

"Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode," Sullivan adds, and points out that the software is still in beta, so issues and bugs are likely.
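Tools of this kind only work against cookies that travel over unencrypted HTTP, so a site owner can check whether their own responses leave session cookies exposed. The following is an added example, not code from Cookie Cadger or from the article; the cookie-name heuristic and the sample headers are constructed assumptions, and the response is assumed to have been fetched over HTTPS.

```python
# Added example: audit one HTTPS response's headers for the attributes that
# keep session cookies off cleartext HTTP. All sample data is constructed.

SESSION_HINTS = ("sess", "sid", "auth", "token", "login")  # assumed naming heuristic


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """Return a sorted list of (cookie or header name, issue) for one response."""
    findings = []
    header_names = {k.lower() for k, _ in headers}
    # Without HSTS a browser may still make a first request over plain HTTP.
    if "strict-transport-security" not in header_names:
        findings.append(("Strict-Transport-Security", "header missing"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        is_session = any(hint in name.lower() for hint in SESSION_HINTS)
        if "secure" not in attrs:
            issue = "session cookie lacks Secure" if is_session else "no Secure attribute"
            findings.append((name, issue))
        if is_session and "httponly" not in attrs:
            findings.append((name, "session cookie lacks HttpOnly"))
    return sorted(findings)


# Constructed response headers for illustration.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Set-Cookie", "auth_token=xyz; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for item, issue in audit_response(SAMPLE_HEADERS):
        print(f"{item}: {issue}")
```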





