I'm experimenting with sniffing cookies and I'm currently using Hamster. Manually capturing cookies with wireshark and then editing the cookies in firefox works (using Cookie Editor plugin).

However hamster doesn't work. It seems to pick the wrong cookies. But what I'm wondering, the output of HTTP GET request, when using hamster as a proxy, contains two "Cookie:" lines. Is this valid? Maybe this is detected by the server and then rejected?

For example I can't get hamster to work with facebook.com

Any ideas?