This is a tool written by rage of some notoriety here at pissedoffadmins.
Sessionlist : HTTP is a simple protocol, and many use it to create â€œprogram-likeâ€ websites. With asynchronous requests available in almost every browser (including mobile ones) itâ€™s no surprise that many people create a zillion and one sites for almost any purpose. The underlying issue with HTTP is that it is stateless. How do you create the illusion of program state in a naturally stateless protocol? The correct answer is to create a new protocol that is designed for this purpose however that didnâ€™t happen. Instead we have silly hacks that allow us to pretend to have state while using HTTP. How is this accomplished? Well, we pass variables and their values back and forth with every single request! It will cause overhead but theyâ€™re websites not real programs! To make this more manageable many web scripting languages support sessions which can reduce the overhead by storing a session id in browser cookies instead of all the variables/values and use the session id to look up server stored variable/values. Of course now all you need to facilitate authentication is the session id.
his work can be found here or on http://securitytube-tools.net