Robert Graham, CEO of Errata Security, who last year found that it's possible to capture someone's session cookie via wireless eavesdropping, now says that even encrypted services such as Google's Gmail can sometimes hand him a session cookie. This is a departure from his advice last August, when he said Gmail sessions carried over SSL/HTTPS should be immune.
Graham, working with David Maynor, created two tools (Ferret and Hamster), which together help him grab session cookies out of thin air, say, at a local hot spot, like an Internet cafe. Session cookies allow you to shop at an e-commerce site, then leave the page and return later without re-entering your password. One doesn't have to decode the user's password to exploit the session cookie, merely possess it.
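The defence against this kind of capture is to keep the session cookie off any plaintext link: a cookie without the Secure attribute is sent by the browser on every http:// request to the domain, regardless of whether the login happened over HTTPS. The following is an added example, not code from Errata Security or from this article; it audits Set-Cookie headers from a constructed sample response and reports session-looking cookies that lack the Secure or HttpOnly attributes (the name hints and the sample values are assumptions for illustration).

```python
# Added example: audit Set-Cookie headers for the attributes that keep a
# session cookie off unencrypted links. Not from the article or Errata Security.
from dataclasses import dataclass, field
from typing import List

# Assumed name fragments that usually mark a session/auth cookie.
SESSION_NAME_HINTS = ("sid", "sess", "auth", "token", "login")


@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie value and note the missing protective attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    secure = "secure" in attrs
    httponly = "httponly" in attrs
    problems = []
    if not secure:
        problems.append("missing Secure: sent in the clear on any http:// request")
    if not httponly:
        problems.append("missing HttpOnly: readable by page scripts")
    return CookieFinding(name, secure, httponly, problems)


def looks_like_session_cookie(name: str) -> bool:
    n = name.lower()
    return any(hint in n for hint in SESSION_NAME_HINTS)


def audit_response_headers(raw_headers: str) -> List[CookieFinding]:
    """Return findings for session-looking cookies with missing attributes."""
    findings = []
    for line in raw_headers.splitlines():
        if line.lower().startswith("set-cookie:"):
            finding = parse_set_cookie(line.split(":", 1)[1])
            if looks_like_session_cookie(finding.name) and finding.problems:
                findings.append(finding)
    return findings


# Constructed sample response (not a real capture): one weak session cookie,
# one hardened session cookie, and one harmless preference cookie.
SAMPLE = """HTTP/1.1 200 OK
Set-Cookie: SID=abc123; Domain=.example.com; Path=/
Set-Cookie: SSID=def456; Domain=.example.com; Path=/; Secure; HttpOnly
Set-Cookie: PREF=lang=en; Path=/
"""

if __name__ == "__main__":
    for f in audit_response_headers(SAMPLE):
        print(f.name, "->", "; ".join(f.problems))
```

Only SID is reported: it is a session cookie that a browser would also send on a plain http:// request, which is exactly the traffic an eavesdropper on a shared wireless network can read.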
Graham gave a live demonstration of his sidejack attack on an audience member's Gmail account at last year's Black Hat USA, displaying that person's inbox before a standing-room-only crowd.
Graham provides more details in his blog.