This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through B's machine.[5]
Firesheep, a Firefox extension introduced in October 2010, demonstrated session hijacking vulnerabilities in unsecured networks.
It captured unencrypted cookies from popular websites, allowing users to take over active sessions of others on the same network.
The tool worked by displaying potential targets in a sidebar, enabling session access without password theft.
Cookie Cadger is a cross-platform open-source utility based on the Wireshark suite which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.
Cookie Cadger has been used to highlight the weaknesses of youth team sharing sites such as Shutterfly (used by AYSO soccer league) and TeamSnap.[11]
CookieMonster is a man-in-the-middle exploit where a third party can gain HTTPS cookie data when the "Encrypted Sessions Only" property is not properly set.
In 2008, this could affect major websites, including Gmail, Google Docs, eBay, Netflix, CapitalOne, and Expedia.
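Both Firesheep and CookieMonster depend on a session cookie that the browser is willing to send over an unencrypted connection. As an added example (not code from any tool named above), this Python check parses the `Set-Cookie` headers of a response and lists cookies that lack the `Secure` attribute, which is assumed here to be what the text calls "Encrypted Sessions Only"; the sample response and all cookie names are constructed.

```python
# Added example: list cookies issued without the Secure attribute.
# The response head below is constructed sample data, not a real capture.

SAMPLE_RESPONSE_HEAD = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SID=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure
set-cookie: auth=xyz; Domain=example.test; Expires=Wed, 21 Oct 2026 07:28:00 GMT; secure; HttpOnly
Set-Cookie: securetoken=1; Path=/secure
"""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {attribute: value}).

    Attribute names are case-insensitive, so they are lower-cased.
    Flag attributes such as Secure carry an empty value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def insecure_cookies(raw_response_head):
    """Return names of cookies set without the Secure attribute.

    Matching is done on parsed attribute names, so a cookie *named*
    'securetoken' or a Path of '/secure' does not count as Secure.
    """
    names = []
    for line in raw_response_head.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                names.append(name)
    return names


if __name__ == "__main__":
    for cookie in insecure_cookies(SAMPLE_RESPONSE_HEAD):
        print(f"cookie {cookie!r} is sent over plain HTTP as well as HTTPS")
```

Any session identifier this reports will accompany plain-HTTP requests to the same host, where an on-path observer can read it.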