sessionthief – HTTP Session Cloning & Cookie Stealing Tool

Keep on Guard!


sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously own multiple logins to the same site.

For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or yahoo mail or just about any site you log into), you can:

  1. Start the program
  2. Select your interface
  3. Hit watch
  4. Select a request from each of them to facebook, and click the session button.

The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once. It compiles and runs on linux and windows depending on the pcap and wxwidgets libraries.

You can download sessionthief here:

sessionthief.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Privacy, Web Hacking

, ,


Latest Posts:


Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.
LOIC Hivemind - Low Orbit Ion Cannon LOIC Download – Low Orbit Ion Cannon DDoS Booter
LOIC Download below - Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.


2 Responses to sessionthief – HTTP Session Cloning & Cookie Stealing Tool

  1. karaeng_sija September 14, 2010 at 1:36 pm #

    how do i use this or compile it on linux system

  2. scriptjunkie September 14, 2010 at 11:53 pm #

    Instructions have been posted here: https://scriptjunkie1.wordpress.com/2010/09/14/sessionthief-linux/
    Enjoy!