Cookie Cadger – Tool for auditing non-encrypted Web traffic

Wireless networks are widely used in public places such as airports, coffee shops and hotels. Having access to the network allows attackers to listen in on sensitive information. Many users still share private and personal information through Web services that rely on the HTTP protocol, which transports data unencrypted, rather than on HTTPS, its encrypted version using SSL/TLS.

Then there are cookies, which can be used for authentication, for sessions, or to store specific information about users, such as site preferences or the contents of electronic shopping carts. Cookies from certain sites are also detected and blocked by many antivirus products, because they allow users to be tracked when they visit certain websites.

For a pentest of a wireless network that is used for web browsing, we can consider Cookie Cadger. This is a tool that can be used with a standard sniffer such as Wireshark to identify information leakage from applications that use insecure HTTP GET requests.

http://3.bp.blogspot.com/-E5ud28C1EJk/UJVd2KYpiuI/AAAAAAAABGI/yWIfL13jJR8/s1600/CookieCadgerRequests.png

Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Usually simply installing Wireshark will be sufficient. Additionally, capturing packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode and the knowledge of how to place your device into monitor mode.

If you are planning to use a Wi-Fi network, be sure to activate a VPN connection, and for sensitive data make sure that you are using SSL/TLS, so that your otherwise unencrypted navigation to different websites is encrypted. You can download Cookie Cadger from the following link: https://www.cookiecadger.com/files/CookieCadger-0.9.jar
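
A site-side check for the exposure described above, as an added example that is not part of the original post or of Cookie Cadger: a cookie set without the `Secure` attribute is also sent over plain HTTP, where anyone capturing traffic on the same network can read it. The response headers and the function names are constructed for illustration.

```python
# Added example: audit response headers for cookies that can leak over plain HTTP.
# SAMPLE_RESPONSE is constructed sample data, not output from a real site.

SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: cart=42; Path=/shop
"""

def parse_headers(raw):
    """Return a list of (name, value) header pairs from a raw response head."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # a blank line ends the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_cookies(raw):
    """Report cookies missing Secure/HttpOnly and whether HSTS is present."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; values (e.g. Path=/) are ignored.
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            findings.append((cookie_name, missing))
    # Without HSTS a browser may still make a first request over plain HTTP.
    hsts = any(n == "strict-transport-security" for n, _ in headers)
    return findings, hsts

if __name__ == "__main__":
    findings, hsts = audit_cookies(SAMPLE_RESPONSE)
    for cookie, missing in findings:
        print(f"{cookie}: missing {', '.join(missing)}")
    print("HSTS header present:", hsts)
```

Only cookie names and missing attributes are reported, so the output can go into an audit report without exposing session values.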
