10.4 Session Hijacking Tools

Session Hijacking Tools: OWASP Zed Attack Proxy (ZAP)

  • The OWASP Zed Attack Proxy (ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications.

Burp Suite

  • Burp Suite allows the attacker to inspect and modify traffic between the browser and the target application.
  • It analyzes all kinds of content, with automatic colorizing of request and response syntax.


  • A Java hijacking tool for web application session security assessment.
  • A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.

Session Hijacking Tools for Mobile: DroidSheep and DroidSniff

  • DroidSheep:
    • DroidSheep is a simple Android tool for web session hijacking (sidejacking).
    • It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session IDs from these packets.
  • DroidSniff:
    • DroidSniff is an Android app for security analysis in wireless networks and capturing Facebook, Twitter, LinkedIn, and other accounts.
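As an added defender-side example, not code from these notes or from DroidSheep itself: the audit below flags the two conditions that let a sniffer on an open wireless network read a session ID as described above, a session cookie sent over plain HTTP and a session cookie issued without the Secure (or HttpOnly) attribute. The cookie names, the sample traffic and the Exchange record type are constructed assumptions.

```python
# Added example: audit constructed HTTP exchanges for session cookies exposed
# to sidejacking (plaintext transport or missing Secure/HttpOnly attributes).
from dataclasses import dataclass
from http.cookies import SimpleCookie

# Cookie names treated as session identifiers (assumption for this example).
SESSION_COOKIE_NAMES = {"PHPSESSID", "JSESSIONID", "ASP.NET_SessionId", "sessionid"}

@dataclass
class Exchange:
    scheme: str                 # "http" or "https" as seen on the wire
    request_cookie_header: str  # raw Cookie: header sent by the client
    set_cookie_headers: list    # raw Set-Cookie: headers in the response

def findings_for(ex: Exchange) -> list:
    """Return human-readable findings describing how a session ID is exposed."""
    findings = []
    # 1. Session ID sent in the clear: anyone on the 802.11 segment can read it.
    sent = SimpleCookie()
    sent.load(ex.request_cookie_header)
    for name in sent:
        if name in SESSION_COOKIE_NAMES and ex.scheme == "http":
            findings.append(f"{name} transmitted over plaintext HTTP")
    # 2. Session cookie issued without Secure: the browser will later replay it
    #    over any http:// link to the same host, so HTTPS alone is not enough.
    for raw in ex.set_cookie_headers:
        c = SimpleCookie()
        c.load(raw)
        for name, morsel in c.items():
            if name in SESSION_COOKIE_NAMES:
                if not morsel["secure"]:
                    findings.append(f"{name} set without Secure attribute")
                if not morsel["httponly"]:
                    findings.append(f"{name} set without HttpOnly attribute")
    return findings

# Constructed sample traffic: one exchange is exposed, one is hardened.
EXPOSED = Exchange("http", "PHPSESSID=abc123; theme=dark",
                   ["PHPSESSID=abc123; Path=/"])
HARDENED = Exchange("https", "PHPSESSID=abc123",
                    ["PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"])

if __name__ == "__main__":
    for label, ex in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(label, findings_for(ex) or ["no findings"])
```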
