I've just released a tool called py-cookieJsInjection on GitHub (see Part II of this post here).
It can be used to sniff and replicate any cookies going on the wire or to filter out specific information, such as Facebook profiles:
glow$ sudo python cookieJsInjection.py en1 -facebook
What is Sidejacking?
Sidejacking is essentially a form of HTTP session hijacking that works with “passive” eavesdropping of network traffic.
An HTTP session hijacking happens when an attacker is able to steal a user's "session cookie". Session cookies are what identify user sessions on password-protected websites (such as Facebook). Your browser sends this cookie to the remote (Facebook) server each time you go back to the website (facebook.com), so you don't have to enter your password every time.
Sidejacking has gained mainstream attention recently due to the release of a tool called Firesheep, which allows virtually any user with a Firefox browser to launch sidejacking attacks on an unprotected wireless network (or a WEP-protected one, for that matter).
py-cookieJsInjection was built mainly for one reason: one should not be required to have Firefox in order to launch sidejacking attacks easily ;).
There are awesome tools like Hamster and Ferret that let you connect through a proxy, automatically rewriting the desired cookies on behalf of the hacker. However, they require a user to build and install both Hamster and Ferret, which may prove both cumbersome and time-consuming.
There is also CookieMonster, from Mike Perry's Epic Saga: a complex tool that takes sidejacking a bit further by tracking the HTTPS websites visited by wireless client IPs and automatically injecting HTML elements that cause any insecure HTTPS cookies to be transmitted unencrypted. This will, in fact, be the topic of a future tool/post. =)
You could also do it by hand, and sniff the packets on the wire, with tools like Wireshark or tcpdump.
Finally, py-cookieJsInjection is easily extensible, and can be used by other tools that require some, or all, of its functionality (as will be seen in my next post).
You can get more information about the tool (and the tool itself), here: https://github.com/diogomonica/py-cookieJsInjection.
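From the site operator's side, the plaintext session cookies and "insecure HTTPS cookies" described above show up as Set-Cookie headers without the Secure attribute. The following is an added example, not part of py-cookieJsInjection or the original post, that audits a response for them; the function names and the sample response are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers. SAMPLE_RESPONSE is constructed data.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; SameSite=Lax\r\n"
    "Set-Cookie: auth=tok; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (lowercased name, value) header pairs from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(raw):
    """Map each cookie to its findings; also report whether HSTS is set."""
    headers = parse_headers(raw)
    findings = {}
    for hname, hvalue in headers:
        if hname == "set-cookie":
            cookie, attrs = parse_set_cookie(hvalue)
            issues = []
            if "secure" not in attrs:
                issues.append("no Secure: also sent over plain HTTP")
            if "httponly" not in attrs:
                issues.append("no HttpOnly: readable by injected script")
            findings[cookie] = issues
    hsts = any(h == "strict-transport-security" for h, _ in headers)
    return findings, hsts

if __name__ == "__main__":
    results, hsts = audit(SAMPLE_RESPONSE)
    for cookie, issues in results.items():
        print(cookie, issues or "OK")
    print("HSTS present:", hsts)
```

A cookie flagged "no Secure" is the one a passive listener on the same network can read; HSTS additionally keeps the browser from making the plain-HTTP requests that would carry it.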