The Cookie Tools

This project includes three tools:

  • cookiesniffer is a simple and powerful cookie sniffer that recognizes (through heuristics) and reconstructs (through libnids) new and existing HTTP connections, parsing any valid or partially valid HTTP message. The output is a set of files containing the gathered information with time-stamps in a format that can be trivially searched and parsed with standard UNIX tools such as grep, awk, cut and sed. It supports wireless (AP_DLT_IEEE802_11) networks.
  • the analyzers are a set of Bash scripts that help you quickly analyze the logs of cookiesniffer.
  • cookieserver lets you impersonate someone else's cookies in your browser using the logs of cookiesniffer (in a few seconds). This attack is also called “side-jacking”, “cookie replay attack” and “HTTP session hijacking”, but I’m probably missing other fancy names. It has been known for ten years but is still (too) effective.
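
A defensive check against the side-jacking described above, as an added example that is not part of the Cookie Tools: it lists the cookies in an HTTP response that can travel in cleartext and so be read by a passive sniffer. The function names and the sample response are constructed for illustration.

```python
"""Added example: flag cookies that a passive HTTP sniffer could capture."""

# Constructed sample response (not taken from cookiesniffer output).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SID=3f9a; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: auth=b64=tok; Path=/; HttpOnly\r\n"
    "set-cookie: lang=en; Expires=Wed, 09 Jun 2027 10:18:14 GMT\r\n"
    "\r\n<html></html>"
)


def parse_set_cookie(value):
    """Return (name, attrs) for one Set-Cookie value; attribute names lowercased."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(raw, scheme):
    """List (cookie, reason) pairs for cookies that can travel in cleartext."""
    head = raw.split("\r\n\r\n", 1)[0]
    findings, hsts = [], False
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if not sep:
            continue
        field = field.strip().lower()
        if field == "strict-transport-security":
            hsts = True
        elif field == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if scheme == "http":
                findings.append((name, "set over plaintext HTTP"))
            elif "secure" not in attrs:
                # HttpOnly only hides the cookie from scripts, not from the wire.
                findings.append((name, "no Secure attribute"))
    if scheme == "https" and not hsts:
        findings.append(("(response)", "no Strict-Transport-Security header"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_response(SAMPLE, "https"):
        print(f"{name}: {reason}")
```
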

Download

Documentation

Notes


Comments

Comment from Rajeev
Date: April 18, 2008, 8:57 am

Sir,

I am trying to do Cookie Poisoning, just for fun, but don't know how to do it practically…
Can you please help me to do it practically?

Thanks

Rajeev

Comment from xenion
Date: April 18, 2008, 2:24 pm

hi Rajeev,
you should read the official documentation, there’s also a commented example (gmail).

Comment from tjmalena
Date: July 8, 2008, 4:38 pm

I need help for Debian etch.
When I run “make” to compile, I get a lot of errors such as:
[....]
net.h:31:20: error: libnet.h: No existe el fichero o el directorio
In file included from net.h:33,
from main.c:32:
ieee80211.h:44: error: ‘ETHER_ADDR_LEN’ undeclared here (not in a function)
main.c:88: warning: ‘struct ip’ declared inside parameter list
main.c:88: warning: its scope is only this definition or declaration, which is probably not what you want
main.c: In function ‘dissect_eth’:
main.c:99: error: invalid application of ‘sizeof’ to incomplete type ‘struct libnet_ethernet_hdr’
main.c:107: error: dereferencing pointer to incomplete type
main.c:107: error: ‘ETHERTYPE_IP’ undeclared (first use in this function)
[...]

What is the solution??

Thanks in advance

Comment from xenion
Date: July 8, 2008, 5:43 pm

you need libpcap, go rtfm!

Comment from tjmalena
Date: July 9, 2008, 7:20 pm

It does not work at all

Debian-LAB:/home/devel/work/cookietools-0.4# make
cd src ; make
make[1]: se ingresa al directorio `/home/devel/work/cookietools-0.4/src’
%
% Compiling cookiesniffer of cookietools v0.4
%
% CC……………….: cc
% CFLAGS……………: -Wall -O3
% LDFLAGS…………..:
% LIBS……………..: -lpcap -lnet -lnids
% DEFS……………..:
%
cc -c -DVERSION=\”0.4\” -Wall -O3 main.c
main.c: In function ‘dissect_tcp’:
main.c:234: warning: implicit declaration of function ‘nids_find_tcp_stream’
main.c:257: warning: implicit declaration of function ‘nids_pcap_handler’
main.c: In function ‘main’:
main.c:1000: error: ‘struct nids_prm’ has no member named ‘pcap_desc’
main.c:1002: error: ‘struct nids_prm’ has no member named ‘tcp_workarounds’
make[1]: *** [all] Error 1
make[1]: se sale del directorio `/home/devel/work/cookietools-0.4/src’
make: *** [build] Error 2
Debian-LAB:/home/devel/work/cookietools-0.4#

Thanks for reply soon friend last question

Up to soon

Comment from xenion
Date: July 10, 2008, 11:56 am

read the documentation. bye :)
