Our project will demonstrate session hijacking by stealing cookies from a web-site's user through an injected script put into the web-document. We will set up two separate web-applications & related servers. One will be an app where users may log in and post content this will be where the attack happens. The second server will be used for collecting the stolen cookies sent to it by an AJAX call from the malicious injected script. Our code in sum will involve the attack script (to steal cookies), a session hijacking script (using the stolen cookies), and two independent basic server-side applications. Our demonstration will also involve a survey of tools system admins / security designers can use to prevent these attacks.