02 Oct 2012

$10 Packet Monitoring Application Gives Hackers Passwords


Firesheep, the little addon for Firefox that allowed an attacker to steal cookies from people browsing the web from public hotspots, now has a scarier, meaner successor called Cookie Cadger. Development on the Firesheep project has stopped after the vast majority of social network services defaulted user traffic to SSL/TLS, but users who need a real-live demonstration on the dangers of unencrypted Wi-Fi can now tinker with a new open-source pen-testing tool: Cookie Cadger.

The application, presented at DerbyCon, is momentarily available for $10, but will be open-sourced soon. Unlike Firesheep, which used to steal authentication cookies sent between a user and the website they try to connect to, Cookie Cadger intercepts and replays specific insecure HTTP GET requests into a browser.

"Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis," wrote Sullivan on the application’s official website.

The tool supports live analysis of data that is being captured over Wi-Fi or wired connections, as well as analysis of the data already captured and stored in dumps. This multi-platform utility is written in Java and works on Windows, Linux, or Mac. The application can also capture packets in promiscuous mode (packets that originate from other users), but it only works with compatible hardware.

"Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode," Sullivan said.

Since security software can’t protect the user against a sniffing attack, users are advised to avoid connecting to open Wi-Fi networks and use a 3G connection instead whenever possible.