[Video] Session Hijacking using Cookie Cadger

We all know that we can sniff passwords in our networks easily even if its sent over HTTPS (ie: SSL encrypted) , the problem is  most of users these days save their passwords in their favourite website (the “keep me logged in feature”) , when you do this the website authenticates the users using their cookies not using their password , this means the password is not sent over the network and therefore we can’t sniff it , instead we can sniff the user’s cookies and inject it into our browser.

In the past I used to use a tool called Hamster , however this tool is outdated now and the download link on its official website is broken , the one in backtrack keeps crashing and doesn’t always work.

Another famous tool to do this is a firefox plugin called firesheep , again its old and there is no official release for linux.

Cookie Cadger is a great program written in java , its very easy to use and best of all , it always works , every time I run a test it works perfectly.

To run Cookie Cadger you will need Wireshark , Java 7 and a new version of Firefox.

 

PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP

Advertisements

One thought on “[Video] Session Hijacking using Cookie Cadger

  1. Howdy thhis is kind of of off topic butt I was wanting to know if blogs use WYSIWYG editors or if
    you have to manually code with HTML. I’m starting a blog
    soon but have noo coding knowledge so I wanted to get advice from someone
    withh experience. Anny help would bbe enormously
    appreciated!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s