From there, the attacker has to hope that the user keeps his or her targeted session active as the BEAST conducts its crypto-attack against the HTTPS cookie. That doesn't take long. Still, if the user logs out of the HTTPS-attacked website or closes the browser completely (and doesn't simply close the HTTPS website, which is more common), the attacker may be able to decode the encrypted cookie, but it is unlikely to be useful in future, new connections unless the cookie is poorly implemented.
Again, this is not impossible. If I'm a bad guy trying to break into a particular company, I could hang out in coffee shops and watering holes that are near the targeted company's main offices. You can figure out what sites the company employees are visiting by walking by their screens over a few days and learning where they surf. There's a good chance that many will frequent many of the same websites, including popular social media sites and common company sites.
But far easier attacks that accomplish the same goals already exist. Attackers are in many, if not most, of the world's networks already, and they didn't need complicated attacks with multiple preconditions. They are already in deep without using the BEAST attack. They used social engineering Trojans, fake antivirus programs, or programs that took advantage of unpatched software. Right now, Adobe and Java products are heavily targeted.