Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CookieMonster is coming to Pown (err, Town) - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CookieMonster is coming to Pown (err, Town)

Last month at Defcon, Mike Perry gave a talk about a vulnerability with sites that use SSL to secure the traffic if the site saves a cookie on your machine but does not set a flag indicating it is to be used only with encrypted sessions only.  If some one can place themselves so they see your web traffic, they can inject arbitrary content to the data for sites not requiring cookies to set 'Encrypted Sessions Only' and force your browser to provide the saved cookies in a cleartext response.  For more information about his tool from last month, see here.

On Tuesday, Mike posted more information including documentation for the tool, a sample configuration file and some code snippets.  The tool itself has not yet been made available to the general public.

Thanks to Chris and Micheal for writing in about it.

David Goldsmith
SANS / ISC Handler


78 Posts
Sep 11th 2008

Sign Up for Free or Log In to start participating in the conversation!