I know that http requests can be sniffed, so sniffer can see the requested URL from the victim. So 2 days ago I my bank made me a web-account to see, send money etc...
The thing I saw is my session id is always on my URL.. I copy/pasted it on another browser and I successfully logged in from it without entering username/password(on the new browser).
So my question is whether https:// (get) links sniffable over the wire (e.g., with ettercap)? Should I be worried?