Friday, November 16, 2012
Many web applications are vulnerable to information leakage due to insecure HTTP requests. These kinds of websites are vulnerable to data theft over insecure Wi-Fi or Ethernet LAN. Although this affects only websites that do not use SSL/TLS, many apps still run on HTTP. HTTPS is also costly, so most webmasters are still unable to adopt it.
I already posted about Firesheep, which can capture data from insecure wireless and Ethernet LANs. This tool can be used as a session hijacking tool over the network to hack Gmail, Facebook or Twitter sessions.
Read how to hack Gmail, Facebook and other web accounts with Firesheep Firefox extension
To protect your web accounts from these kinds of session hijacking and data capturing tools, you can use HTTPS Everywhere, which is available for Google Chrome and Firefox. It provides HTTPS security to all websites, whether they have HTTPS or not.
Cookie Cadger is another nice network auditing tool that makes use of insecure HTTP GET requests from web applications. It shows how applications claiming to be secure are not secure enough to protect users' data. It is an open-source penetration testing tool that intercepts insecure HTTP GET requests and loads them into the browser.
It is a nice tool with a user-friendly graphical interface. It is powered by the Wireshark suite and Java. It is a fully cross-platform, entirely open-source utility that can monitor wired Ethernet and insecure Wi-Fi, or load a packet capture file for offline analysis.
As I already mentioned, Cookie Cadger is an open-source tool, available under the FreeBSD license. You can download the full source code of the tool to see and analyze how it works.
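A defensive check for the leakage described above, as an added example that is not part of the original post or of Cookie Cadger's code: it audits a site's own responses for session cookies that would travel over cleartext HTTP. The `Secure` cookie attribute is not mentioned in the post, and the host name, cookie names and sample responses are constructed.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(responses):
    """Return (host, cookie name, issue) for cookies exposed to network sniffing.

    Cookie values are never reported, only names.
    """
    findings = []
    for url, headers in responses:
        target = urlsplit(url)
        for header_name, header_value in headers:
            if header_name.lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(header_value)
            if target.scheme != "https":
                # Cookie was already sent in the clear when it was issued.
                findings.append((target.hostname, name, "issued over cleartext HTTP"))
            elif "secure" not in attrs:
                # Issued over HTTPS, but the browser will also attach it to
                # any later http:// request to the same host.
                findings.append((target.hostname, name, "missing Secure attribute"))
    return findings


# Constructed sample responses: (URL requested, response headers).
SAMPLE = [
    ("https://app.example.test/login",
     [("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
      ("Set-Cookie", "csrf=x9; Path=/; Secure; HttpOnly")]),
    ("http://app.example.test/news",
     [("Content-Type", "text/html"), ("set-cookie", "track=1; Path=/")]),
    ("https://app.example.test/account",
     [("Set-Cookie", "prefs=dark; SECURE; SameSite=Lax")]),
]

if __name__ == "__main__":
    for host, cookie, issue in audit(SAMPLE):
        print(f"{host}: cookie '{cookie}' {issue}")
```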
Download source code of Cookie Cadger
Download Cookie Cadger, Network Auditing Tool
Read More: Prevent Firesheep attack by using blacksheep and use unsecured network in secure way