I have been reading up on session fixing/hijacking recently, and understand the theory.
What I don't understand is how this would be exploited in practice. Would you have to tamper with your browser to make use of the stolen cookies? Append it to the URL and pass it to the web application?
Or would you write some sort of custom script to make use of this, and if so what would it do?
I'm not trying to ask for help with this or examples, but I am trying to learn more and understand. Any help is appreciated.