CookieMonster Files

CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your 
network interface and hijack all cookie. The hijacked cookies 
can be edit and/or injected in your Firefox. It include a arp poisoning tool.
------------------------------------------------------------------------
2011/07/02
	* Release version v0.0.2
Fix bug on edit cookie, and fix segmentationfault see ticket, 
used sqlite bind param to avoid injection in firefox cookie sqlite3 file
Thank to Rob for this help on the segmentation fault bug

2011/06/25:
	* Release version v0.0.1
------------------------------------------------------------------------

Warning: Need root right

Don't forget if you use arp poisoning:
    # echo 1 > /proc/sys/net/ipv4/ip_forward

------------------------------------------------------------------------
TODO:
    * Better error handling on filter with exclude me options
    * Possibility to add or remove host manually in arp scan ( in case of scan failed )
    * New tab firfox cookie manager
    * Sniff data from a PCAP file
    * Clean ARP on application exit if running
    * Launch firefox with user right not root
    * Switch button to start when sniff/arp thread failed
	* Export sniffed cookie
	* Import sniffed cookie
	* Iframe injector to force to connect to site to steal cookie

------------------------------------------------------------------------
To build this source you need:
	* libpcap
	* libnet
	* libnids
	* libgtk2.0
	* libsqlite3 ( need to be >=3.7 )

------------------------------------------------------------------------
Ubuntu/Debian you need to install
libpcap-dev libnet-dev libnids-dev libgtk2.0-dev libsqlite3-dev

------------------------------------------------------------------------
Video demonstration
http://www.vimeo.com/25591521

------------------------------------------------------------------------
For backtrack the sqlite3 is too old (need to be >=3.7) to open firefox cookie.sqlite
Dirty way (simply override the package version):

wget http://www.sqlite.org/sqlite-autoconf-3070700.tar.gz
tar xzvf sqlite-autoconf-3070700.tar.gz
./configure --prefix=/usr
make
make install

-----------------------------------------------------------------------
Repository:
git clone git://cookie-monster.git.sourceforge.net/gitroot/cookie-monster/cookie-monster

------------------------------------------------------------------------
From source:
	./configure && make

------------------------------------------------------------------------
Warning, if you import from git, you need to do:
 $ ./bootstrap.sh

------------------------------------------------------------------------
Based on code of dsniff particularly urlsnarf and arpspoof write
by Dug Song code availaible here
http://monkey.org/~dugsong/dsniff/
 
------------------------------------------------------------------------
Copyright (C) 2011 by Hugo Caron

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.