Cookie Cadger – Cookie auditing tool for wired and wireless networks

Tool Description

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.

Cookie Cadgers Request Enumeration Abilities

Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open- source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.

Tool Source: https://www.cookiecadger.com/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cookie-cadger.git;a=summary

Tool Install

This tool does not come pre-built in basic Kali Linux ISO install (unless you customise the install). You need to open a Terminal Window and type:

apt-get install cookie-cadger

This tool will require 37.1 Mb of additional space. There are no additional dependancies required. Your installation should look something like this:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  cookie-cadger
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 37.1 MB of archives.
After this operation, 37.1 MB of additional disk space will be used.
Get:1 http://http.kali.org/kali/ sana/main cookie-cadger all 1.06-1kali0 [37.1 MB]
Fetched 37.1 MB in 14s (2,641 kB/s)                                            
Selecting previously unselected package cookie-cadger.
(Reading database ... 324603 files and directories currently installed.)
Preparing to unpack .../cookie-cadger_1.06-1kali0_all.deb ...
Unpacking cookie-cadger (1.06-1kali0) ...
Setting up cookie-cadger (1.06-1kali0) ...

General Details

[email protected]:~# cookie-cadger --help
Cookie Cadger, version 1.06
Example usage:
java -jar CookieCadger.jar 
    --tshark=/usr/sbin/tshark
    --headless=on
    --interfacenum=2    (requires --headless=on)
    --detection=on
    --demo=on
    --update=on
    --dbengine=mysql    (default is 'sqlite' for local, file-based storage)
    --dbhost=localhost  (requires --dbengine=mysql)
    --dbuser=user       (requires --dbengine=mysql)
    --dbpass=pass       (requires --dbengine=mysql)
    --dbname=cadgerdata (requires --dbengine=mysql)
    --dbrefreshrate=15  (in seconds, requires --dbengine=mysql, requires --headless=off)

 Usage Example

[email protected]:~# cookie-cadger

Video Tutorial: Coming Soon!

 

AIRCRACK-NG

Tool Description

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Tool Source: http://aircrack-ng.org/

Kali Repo: http://git.kali.org/gitweb/?p=packages/aircrack-ng.git;a=summary

Included Tools:

  • airbase-ng – Configure fake access points
  • aircrack-ng – Wireless password cracker
  • airdecap-ng – Decrypt WEP/WPA/WPA2 capture files
  • airdecloak-ng – Removes WEP cloaking from a pcap file
  • airdriver-ng – Provides status information about the wireless drivers on your system
  • aireplay-ng –  Primary function is to generate traffic for later use in aircrack-ng
  • airmon-ng – This script can be used to enable monitor mode on wireless interfaces
  • airmon-zc – This script can be used to enable monitor mode on wireless interfaces
  • airodump-ng – Used for packet capturing of raw 802.11 frames
  • airodump-ng-oui-update – Downloads and parses IEEE OUI list
  • airolib-ng – Designed to store and manage essid and password lists
  • airserv-ng – A wireless card server
  • airtun-ng – Virtual tunnel interface creator
  • besside-ng -Automatically crack WEP and WPA networks
  • buddy-ng
  • easside-ng – An auto-magic tool which allows you to communicate via an WEP-encrypted access point
  • ivstools – This tool handle .ivs files. You can either merge or convert them
  • kstats
  • makeivs-ng – Generates initialization vectors
  • packetforge-ng – Create encrypted packets that can subsequently be used for injection
  • tkiptun-ng – This tool is able to inject a few frames into a WPA TKIP network with QoS
  • wesside-ng – Auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key
  • wpaclean – Remove excess data from a pcap file

Video Tutorial: Coming Soon!