2202e_snoop_session_id

session cookie transported over http

wireshark filter ip.dst == 192.168.200.203 && tcp.port == 80 && http.cookie contains ACookie
set ACookie=12346 (see 2202e.png)

reload page as hacker, to get access to the victims account

set ACookie as secure

additional questions:

hacker is not able to intercept username and password, as they are transported via https