What tools do attackers use to capture sensitive data like passwords and session cookies?

Attackers commonly use packet sniffers to capture sensitive data such as passwords and session cookies during network communications. Packet sniffers operate by monitoring and capturing data packets traveling across a network. When an attacker has access to network traffic, they can analyze these packets to extract unencrypted information, which can include login credentials and session information.

Packet sniffers can be particularly effective in environments where data is transmitted over unsecured connections, such as HTTP instead of HTTPS. This allows attackers to intercept and read the contents of the packets before they reach their intended destination. These tools provide a powerful means for attackers to gather sensitive data without requiring direct access to the user’s device or accounts.

The other choices do not directly relate to the act of capturing sensitive data through network interception. While phishing websites create deceptive scenarios to trick users into providing sensitive information, they do not involve the direct monitoring or interception of network traffic. Cloud computing websites and CSPs (Cloud Service Providers) pertain to services that store and manage data but are not tools specifically designed for capturing data in transit.