Mitm is often pretty easy, e.g. just arp spoof someone on the same network as you. Though if your target is on a different network, maybe not so simple. There's definitely a point where it probably makes more sense to try to attack the server than a well secured client; in general, hackers will aim for the weakest link (which I doubt will be your cookies not being channel bound)