Hamster is a tool for HTTP session hijacking with passive sniffing. It eavesdrops on a network, captures the session cookies, then imports them into the browser to allow you to hijack their session. There is a more complete description in the help section.
We use Hamster on all our app-assessment contracts to demonstrate to customers why they need SSL, even though passwords are always encrypted.
You can download the source code here: