Using Cookie Cadger for Live Packet Capture

I’m very sorry I wasn’t able to get to this sooner, I know I said I would write one. But now I’m home and I’m going to write a guide to capturing you first cookies with Cookie Cadger. If you haven’t already downloaded Cookie Cadger do so now. Cookie cadger is a Java package so you will also need to have Java 7 downloaded as well a a Wireshark Package called tshark. If you have Wireshark installed tshark should be installed also. But if it isn’t, download it from what ever package manager you use.

The next step before you open up Cadger is to set your card into monitor mode. I wrote a guide that should work for almost every wireless card on the market. But if my guide doesn’t work a little bit of Googling around should find a guide that will work for your card. Once you set your card into monitor mode you need to open the CookieCadger.jar package. Note: Some users have reported issues with Cadger not recognizing capture devices. This problem can be solved by running Cadger as root.

Once you open up Cadger and you will first be presented with a little bit of text. It is asking you if you want it to automatically begin capturing traffic when the real program starts up. It also informs you about the legality of what you are about to do. I believe that in the United States at least it is legal to capture insecure traffic. Correct me if I’m wrong. Anyways click yes.

Once you click Yes another screen will load up. The first thing you want to select is the interface you want to capture cookies on. Cadger will list what ever interface you have set into monitor mode. If you set eth0 chose eth0 if you set wlan0 chose wlan0.

If you selected the correct interface, for example eth0 you should start seeing a bunch of insecure cookies as long as you are on a network with people using the internet. Click on the tab recognized sessions, find a cookie that you like, Facebook is a good one to start with. Open the cookie in your browser.

The cookie will load up and you will have access to the persons Facebook! There is definitely a lot more potential behind Cookie Cadger than just breaking into peoples Facebook’s. Play around with Cadger a bit and you’ll find it’s a really great tool. Use your new found powers wisely.

Note: Using Cadger is exactly the same on any OS. Command line mode may differ. The only difference is how you get your card into monitor mode. We have a guide for Linux and a guide for Mac. A guide for Windows is in the works.

If you have any questions or something I need to add tell me in the comments.


8 thoughts on “Using Cookie Cadger for Live Packet Capture

    1. ctrlaltnarwhal Post author

      Cookie Cadger on windows and Linux is basically the same. Only the install is a little different. I could write up a guide for monitor mode and install though.

      1. Bacon_Sticks

        Yeah, the only trouble I have is with monitor mode. I am not sure how to put my network card into promiscuous mode on Windows.

    2. building_drop_boxes

      Have you seen any issues where recognized sessions does not work? I can’t get the plugins to work under Linux or MacOS. Do you have any detail on CLI options aside from those dumped from –help? I’d like to be able to declare interfaces to start on via CLI, or even operate headless under pwnpi or something similar. Do you also know of any way to merge sqlite databases to consolidate captures? The database itself holds much more data than is presented by the GUI and is useful by itself.

      1. ctrlaltnarwhal Post author

        I haven’t had any issues with the recognized sessions feature I use Xubuntu but depending on your distro. You may also want to look into what kind of dependences Cadger has. Another possibility is that it is a bug and you can contact the developer to talk to him about it. As for the CLI options I have no details on the options other than the dump from –help. Other than writing this tutorial I don’t use Cadger I normally use Ettercap which is a slightly more advanced tool. So I have no knowledge about merging the databases. I would get in contact with the developer if you have any more questions.

  1. BriZzZ

    I am using it on Ubuntu 12.04. I can’t seem to see other network users’ packets.
    Is it monitor mode or Promiscuous mode ?
    Do i need to be connected to the AP ?

    1. ctrlaltnarwhal Post author

      Cookie Cadger is in beta it could be having some kind of issue with your card. Monitor mode and promiscuous mode are the same thing. You do need to be connected to the AP but your router my be processing all your traffic encrypted. Try disabling WPA2.

  2. Percy

    Thanks for this useful guide.

    I have no problem using monitor mode on mon0 nor seeing the various NIC MACs and requests. Many of these requests have cookie parameters.

    However, I never see any “recognized sessions”. I don’t know why?

    I’ve watched the Derbycon video but can’t figure out why I never have “recognized sessions”. Perhaps you have some ideas?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s