This post describes the core logic of CookieMonster in more precise terms than the previous overview post. The hope is to drive home exactly how the tool functions, and to underscore that source code counts as speech in this capacity (and in general). In addition, the README that illustrates how the tool is used, and a README describing a "Quick Start" Live CD method for Mac and Windows users who do not have Linux installs are now available. Finally, an example configuration file for the tool is now posted as well. These should hopefully give a clearer picture of how the tool works and how it can be used.

The most crucial aspect of this sort of attack that most people seem to miss is its ability to cull arbitrary cookies for a list of insecure domains from every client IP on a network even when the user is not using those sites at the time. The second most crucial aspect is how the tool is still able to compromise arbitrary insecure SSL sites in the common case without the need to provide such a target list.

More information available here.