The original proof of concept scripts for heartbleed are being expanded into more specialized session hijacking tools. Here is one from Michael Davis:
I altered the proof of concept code written by Jared Stafford to continuously query a given server for memory chunks and parse those chunks for session ids.
Some very simple checks are in place to only spit out unique session IDs.
For a more complete example of how to then use the session ID to gain access to an account check out Matthew Sullivan’s Hijacking user sessions with the Heartbleed vulnerability post.
Even these scripts still involve manual actions afterwards. There is no doubt that the heartbleed bug is going to continue to be used as the foundation for more and more automated attack scripts.