How to creep your kids out.

This week I played around some more with penetration tools. I admit, it is kind of fun. But I have mixed feeling about this because these tools in the wrong hands can be so easily misused. I played around with a Java application called Cookie Cadger. It is available at www.cookiecadger.com. Cookie Cadger can be used for session hijacking, in a similar way to Firesheep. It does this by monitoring for packets containing session cookies. After it finds the cookies, they are placed in a list. Just click on a session cookie and the hijacked session will pop up in Firefox. It was too easy. I used a machine running Backtrack Linux as the attack machine. First I attacked the victim computer over encrypted WIFI. I did this by doing a man in the middle attack. I used Nmap to find the IP address of the victim. I used a simple command line tool called Arpspoof for the MITM attack. Before I knew it I had hijacked my Yahoo mail, Blogger, and YouTube accounts. Then I temporary turned off my router’s encryption, it simulate an open WIFI spot. With Linux I was able to set the card into monitor mode and capture all packets coming from my home computers.

I showed my youngest son and daughter how it worked. My daughter’s reaction was, “That is creepy, totally creepy!” My oldest daughter came by for a visit. She pulled out her smart phone and connected to the home WIFI. My younger daughter said, “Be careful. Dad can see everything. I mean EVERYTHING!” It is kind of creepy. How many people will use an unsecure WIFI hotspot without a thought not realizing that the person sipping coffee at the next table is stealing all their personal secrets?