Acidus wrote:
If you can hijack network sessions HTTP cookie theft is a fairly tame thing to do. For example, just MITM a victim when they first try to connect to the secure site. 99.5% of users ignore broken SSL certs anyway. And this works against site's with rotating session ids where surf jacking would not.
It is fairly tame, but the tool is very nice and easy to use, and while it's a well known issue it's always nice to be able to pull out an easy-to-use tool when nothing else is working and your victim is somewhat security concious. RE: Surf Jacking | 
