Hacker News
by Kiro 4433 days ago
How do you "steal" a cookie?
2 comments

The best bet is generally an XSS attack, though there are other ways: you could sniff one on a wireless network if no encryption is in use.
Get on the same WiFi as your target, open up Wireshark and grab their HTTP communications.

To make this easier, there was/is a tool called Firesheep that can be used to hijack session cookies. The popularity of Firesheep caused many sites to enable HTTPS by default (e.g. Facebook did so).

If you need to be on the same WiFi as your target I really don't see the big problem, realistically speaking.
Common, shared wired LANs at offices and workplaces are a problem. Home LANs, where family members need privacy from one another, are also a problem.