sessionthief is a program to perform HTTP session cloning by cookie stealing. It can do some simple host discovery and can perform ARP Poison Routing to get packets if you are not connected to a hub or open Wi-Fi network.
It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. For example, if multiple clients on the open or WEP-encrypted wireless network you are on are on Facebook (or Yahoo Mail, or just about any site you log into), you can 1. start the program, 2. select your interface, 3. hit watch, and 4. select a request from each of them to Facebook, and click the session button. The program will start a new instance of Firefox for each session hacked, and let you control the login of all of them at once.
It compiles and runs on Linux and Windows and depends on the pcap and wxWidgets libraries. The source and binaries for Windows and Linux are here: sessionthief.zip.
If you have a different Linux version or architecture, compile it yourself. First, install the development libraries for gtk2, wxwidgets, and libpcap:
# apt-get install build-essential libwxgtk2.8-dev libgtk2.0-dev libpcap-dev
Then unzip the sessionthief folder in some directory and cd into the sessionthief folder. The complete compilation can be performed in one command:
$ g++ *.cpp $(wx-config --cppflags --libs) -lpcap -o sessionthief
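You will need to run as root, or have tcpdump installed setuid root, to get packets live. To make tcpdump setuid root, run as root:
# chmod 4755 `which tcpdump`
Mode 4755 makes tcpdump run with root privileges for every local user. Alternatively, you can open a pcap file saved from tcpdump, Wireshark, etc.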
Sessionthief also now includes an automatic update feature; it will display a message on startup when it detects a new version.
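From the defending side, the cookie stealing described above only works on cookies that browsers send over plain HTTP. The following is an added example, not part of sessionthief or the original page: it audits the Set-Cookie lines of a response and lists the cookies that lack the Secure attribute. The sample response, the host and cookie names, and the function names are constructed for illustration.

```python
# Added example: defensive audit of Set-Cookie headers (not sessionthief code).
# A cookie set without the Secure attribute is attached to plain-HTTP requests,
# so anyone who can see the traffic can read it.

# Constructed sample response headers (hypothetical host and cookie names).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrf=xyz; Path=/; Secure; SameSite=Strict\r\n"
    "set-cookie: prefs=dark; Path=/; secure\r\n"
    "Set-Cookie: auth=tok; Domain=example.test; Max-Age=3600\r\n"
    "\r\n"
    "<html>body is ignored</html>"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cleartext_cookies(raw_response):
    """Return the names of cookies that would also be sent over plain HTTP."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # drop the body
    exposed = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":  # header names are case-insensitive
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:                  # attribute names are case-insensitive
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for cookie in cleartext_cookies(SAMPLE_RESPONSE):
        print(f"{cookie}: no Secure attribute, readable by a sniffer on HTTP")
```

HttpOnly does not help here: it hides the cookie from page scripts, not from the network, which is why SESSIONID is still reported.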