14 September 2010 | 15,841 views

sessionthief – HTTP Session Cloning & Cookie Stealing Tool

Check For Vulnerabilities with Acunetix

sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously own multiple logins to the same site.

For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or yahoo mail or just about any site you log into), you can:

  1. Start the program
  2. Select your interface
  3. Hit watch
  4. Select a request from each of them to facebook, and click the session button.

The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once. It compiles and runs on linux and windows depending on the pcap and wxwidgets libraries.

You can download sessionthief here:

sessionthief.zip

Or read more here.



Recent in Hacking Tools:
- Radare – The Reverse Engineering Framework
- ZMap – Fast Open-Source Network Scanner
- Arachni v1.0 Released – Web Application Security Scanner Framework

Related Posts:
- Surf Jack – Cookie Session Stealing Tool
- login (security through obscurity) – weird PHP script
- Stompy – The Web Application Session Analyzer Tool

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,875,008 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,069,423 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 627,321 views

Advertise on Darknet

2 Responses to “sessionthief – HTTP Session Cloning & Cookie Stealing Tool”

  1. karaeng_sija 14 September 2010 at 1:36 pm Permalink

    how do i use this or compile it on linux system

  2. scriptjunkie 14 September 2010 at 11:53 pm Permalink

    Instructions have been posted here: https://scriptjunkie1.wordpress.com/2010/09/14/sessionthief-linux/
    Enjoy!