Since ARP poisoning can be carried out on a LAN, my assumption is that you are on LAN or WLAN. Now, you don’t need poisoning ARP in Wireless network because in this case any communication is automatically forwarded to all its recipients. For carrying out ARP poisoning, you may use Arpspoof, Arpoison, Cain and Abel, and Ettercap. We posion the ARP so that all the network traffic on LAN (between the victim and gateway) routes through our machine.
For demonstration and explanation, I will use a virtual OS ( Ubuntu) serving as guest and Windows XP (serving as host). The traffic would obviously pass through my NIC since guest OS is also on my machine so I would not need to posion the ARP. But you can carry out ARP poisoning as demonstrated in this video by irongeek:
You need not do ARP poisoning on Wireless LAN.
Now, Next step is to sniff the traffic and capture the cookie in plain text. I used Wireshark for sniffing traffic. I am using a virtual OS as the guest and xp as host,as i said earlier, A video demonstration by me:
DEFENSE AGAINST THIS ATTACK IN THE NEXT POST !
Hope you got it ! If not , post your questions.