Session hijacking tools
DroidSheep
Source: http://droidsheep.org
DroidSheep is a tool used for session hijacking on Android devices connected to a common wireless network. It gets the session ID of an active user on the Wi-Fi network and uses it to access the website as an authorized user. The DroidSheep user can easily see what the authorized user is doing or seeing on the website. It can also hijack a social account by obtaining the session ID.
FaceNiff
Source: http://faceniff.ponury.net
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it will work on any private network (Open/WEP/WPA-PSK/WPA2-PSK).
DroidSniff
Source: https://github.com
DroidSniff is an Android app for security analysis in wireless networks and for capturing Facebook, Twitter, LinkedIn and other accounts. This tool is used for testing the security of user accounts. It identifies the poor security properties of network connections without encryption.
Burp Suite
Source: https://portswigger.net
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work together to support the entire testing process, from initial mapping and analysis of an application's attack surface to finding and exploiting security vulnerabilities. Burp Suite contains the following key components:
- An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application
- An application-aware Spider, for crawling content and functionality
- An advanced web application Scanner, for automating the detection of numerous types of
- An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities
- A Repeater tool, for manipulating and resending individual requests
- A Sequencer tool, for testing the randomness of session tokens
- The CSRF PoC Generator function, for generating a proof of concept of a cross-site request forgery (CSRF) attack for a given request