Yes, you are stealing a session identifier, that's why we usually protect the transmission of this information with HTTPS protocol, to avoid that anyone can steal it.
You are attacking your browser, not moodle.
You are attacking your browser, not moodle.