Not if they're HttpOnly cookies. Then it requires actually compromise/mitm of the application server code to recover the cookies.