Results 1 to 4 of 4

Thread: Only capturing one type of cookie using wifizoo

  1. #1
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default Only capturing one type of cookie using wifizoo

    So I’ve been playing around with wifizoo, both on BT3 and installed on BT2 using Dr_GrEeN’s tutorial.

    I’m noticing that I am only able to capture useable cookies for gmail. Here’s my test methodology:

    I login to gmail 4 times. I see the cookie roughly 2 out of 4 attempts.

    I login to another “secure” website i.e. hotmail 4 times. I see nothing, or if I do, when the cookie is set and I browse to the website, I see nothing (as if I am not logged in)

    I login to yet another “secure” website 4 times. Same as above.

    Note: I clear the cookie each time prior to logging in.

    I’ve tried this with approximately 4 other different “popular” secured websites, but it seems only gmail is susceptible to cookie interception.

    I am able to see the traffic move back and forth in the shell prompt. I am running kismet for channel hopping. I have configured firefox to use the wifizoo proxy (127.0.0.1:8080).

    I am using a dlink g630 wireless card (atheros), a netgear and a cisco wireless router.

    Why can’t I see any cookies for other websites?

    Thanks.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    The tool is new to most of us too so if I were you I would do a little research a get a email address for the creator of the tool.

  3. #3
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115

    Default

    Quote Originally Posted by pureh@te View Post
    The tool is new to most of us too so if I were you I would do a little research a get a email address for the creator of the tool.
    Not a bad idea. I might have to do that. It seems to me that this problem I'm having simply needs a "tweak" to get it to work. This is my gut feeling. I had a similar problem with ettercap until I finally found out about IPV4 forwarding.

    I know that it is possible, since I have seen a number of video tutorials where people log on to different websites using wifizoo.

    Some more theoredical questions I have are: If I am able to connect to a WEP or WPA secured network, why won't wifizoo pick up cookies coming accross the secured network? And what is to keep someone from developing "etherzoo" where they could plug into a default gateway/switch/router and intercept the cookies? To me, this would be a particularly devistating attack, since the victim would have no knowledge or indication that their account is being hijacked.

    Thanks.

  4. #4
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    http://erratasec.blogspot.com/2007/0...amster_05.html

    Edit cookie extension for firefox? Might work.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •