Been a long time since I've had to demo "session hijacking". Picked DVWA as the vulnerable web application to demonstrate "cookie theft" and "session hijacking" using "Burp".
Scenario: A man-in-the-middle (MiTM) scenario is where a "Hacker" positions themselves between a client and server. In a successful MiTM situation, the "Hacker" can use a "web proxy" like "Burp" to intercept traffic between a victim and web application. The "Hacker" is able to capture the victim's post-authentication cookie to impersonate the authenticated victim.