Token Stealing

It has been done before, but its worth covering in detail