Monday, December 10, 2007

[TOOL] The Cookie Tools

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

The Cookie Tools
------------------------------------------------------------------------


SUMMARY

DETAILS

The cookie tool project includes two tools:
* cookiesniffer is a simple and powerful cookie sniffer that recognizes
(through heuristics) and reconstructs (through libnids) new and existing
HTTP connections, parsing any valid or partially valid HTTP message. The
output is a set of files containing the gathered information with
time-stamps in a format that can be trivially searched and parsed with
standard UNIX tools such as grep, awk, cut and sed. It supports wireless
(AP_DLT_IEEE802_11) networks.

* cookieserver lets you impersonate the cookies of someone else in
your browser using the logs of cookiesniffer (in a few seconds). This attack
is also called "side-jacking", "cookie replay attack" and "HTTP session
hijacking" but probably I'm missing other fancy names. This is something
known for ten years but that is still (too) effective.


ADDITIONAL INFORMATION

The information has been provided by
<mailto:michele.dallachiesa@gmail.com> michele dallachiesa.
To keep updated with the tool visit the project's homepage at:
<http://xenion.antifork.org/cookietools/index.html>
