cookie digger

Discuss the many weaknesses of browser security and ways to mitigate the threat

cookie digger

Post by cool4dmin on Wed Sep 21, 2011 8:42 am
([msg=61695]see cookie digger[/msg])

Hi,
I tested the cookie digger tools from foundstone. But it couldn't get the cookies of the site.
what's the problem?
cool4dmin
New User
New User
 
Posts: 11
Joined: Wed Sep 21, 2011 8:40 am
Blog: View Blog (0)


Re: cookie digger

Post by tremor77 on Wed Sep 21, 2011 11:00 am
([msg=61699]see Re: cookie digger[/msg])

cool4dmin wrote:Hi,
I tested the cookie digger tools from foundstone. But it couldn't get the cookies of the site.
what's the problem?


Cookies are not stored on websites.. they are stored on the computers of those who are browsing the website, so that the website will be able to retrieve information on those users when they make a return visit. Cookie digger will not get you the cookies, but it will tell you what type of information the cookie -would be- storing.. and whether or not said information was encrypted and/or important (like usernames and passwords)

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.


On another note - I didnt know about this particular software.. when I googled it I found a treasure trove of freesofts from McAfee - I need to remember where they are for later.. so - tremor this links for you - http://www.mcafee.com/us/downloads/free-tools/index.aspx
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 865
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: cookie digger

Post by cool4dmin on Wed Sep 21, 2011 9:51 pm
([msg=61727]see Re: cookie digger[/msg])

Thanks tremor77,
But cookiedigger can get the cookies. because it uses from IE Browser to browse the site. then u determine the page contained session token with multiple username and password. then cookiedigger tries to gather some cookies from those accounts.
see it:
http://www.mcafee.com/us/resources/white-papers/foundstone/wp-using-cookiedigger-web-session-mgmt.pdf
cool4dmin
New User
New User
 
Posts: 11
Joined: Wed Sep 21, 2011 8:40 am
Blog: View Blog (0)


Re: cookie digger

Post by LoGiCaL__ on Wed Sep 21, 2011 10:31 pm
([msg=61728]see Re: cookie digger[/msg])

On another note - I didnt know about this particular software.. when I googled it I found a treasure trove of freesofts from McAfee - I need to remember where they are for later.. so - tremor this links for you - http://www.mcafee.com/us/downloads/free ... index.aspx


Sweet deal and yet another reason why doing research pays off.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1060
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests