Web session tools
The next section covers tools used for penetration testing web sessions. Some tools are not available in Kali 1.0; however, they can be obtained online.
Firefox plugins
The manual method of performing a session hijack is to steal a victim's authentication cookie. One way to accomplish this is to inject a script on a compromised web application server so that cookies are captured without the victim's knowledge. From there, the attacker can harvest authentication cookies and use a cookie injector tool to replace the attacker's own cookie with a stolen, authorized one. Other methods used to steal cookies include packet sniffing, capturing network traffic, and compromising hosts. Stealing cookies will be covered later in this book.
The Firefox web browser offers many plugins that can be used to inject stolen cookies into an attacker's browser. Some examples are Greasemonkey, Cookie Manager, and Firesheep. We suggest browsing the Firefox plugins marketplace for various cookie management offerings...
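The theft methods described above depend on how the application issues its session cookie. The following is an added example, not code from this book: it audits Set-Cookie header values and reports session cookies that an injected script could read (no HttpOnly) or that a packet sniffer could capture over plain HTTP (no Secure). The header values and the name hints used to recognise session cookies are constructed for illustration.

```python
from http.cookies import SimpleCookie, CookieError

# Constructed sample Set-Cookie values (not captured from a real site).
SAMPLE_HEADERS = [
    "PHPSESSID=a1b2c3d4; Path=/",
    "auth_token=eyJ0eXAi; Path=/; Secure; HttpOnly",
    "sid=998877; Path=/; HttpOnly",
    "theme=dark; Path=/",
]

# Assumed name fragments that mark a cookie as carrying session state.
SESSION_HINTS = ("sess", "sid", "auth", "token")

NO_HTTPONLY = "no HttpOnly: readable by script injected into the page"
NO_SECURE = "no Secure: sent over plain HTTP, exposed to packet sniffing"


def audit_set_cookie(header_value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    jar = SimpleCookie()
    try:
        jar.load(header_value)
    except CookieError:
        return None, ["unparseable Set-Cookie header"]
    if not jar:
        return None, ["unparseable Set-Cookie header"]
    # A Set-Cookie header defines exactly one cookie; take the first.
    name, morsel = next(iter(jar.items()))
    findings = []
    if any(hint in name.lower() for hint in SESSION_HINTS):
        if not morsel["httponly"]:
            findings.append(NO_HTTPONLY)
        if not morsel["secure"]:
            findings.append(NO_SECURE)
    return name, findings


def audit_headers(header_values):
    """Map each weakly protected session cookie name to its findings."""
    report = {}
    for value in header_values:
        name, findings = audit_set_cookie(value)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for cookie, issues in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", "; ".join(issues))
```

Non-session cookies such as `theme` are ignored on purpose, so the report lists only cookies whose theft would give access to an authenticated session.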