sessionthief – HTTP Session Cloning & Cookie Stealing Tool


sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously own multiple logins to the same site.

For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or yahoo mail or just about any site you log into), you can:

  1. Start the program
  2. Select your interface
  3. Hit watch
  4. Select a request from each of them to facebook, and click the session button.

The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once. It compiles and runs on linux and windows depending on the pcap and wxwidgets libraries.

You can download sessionthief here:

sessionthief.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Privacy, Web Hacking

, ,


Latest Posts:


Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.


2 Responses to sessionthief – HTTP Session Cloning & Cookie Stealing Tool

  1. karaeng_sija September 14, 2010 at 1:36 pm #

    how do i use this or compile it on linux system

  2. scriptjunkie September 14, 2010 at 11:53 pm #

    Instructions have been posted here: https://scriptjunkie1.wordpress.com/2010/09/14/sessionthief-linux/
    Enjoy!