2

This has really bothered me for a long time,

because... to encrypt / decrypt data you first need to send an encryption key / decryption key (on an unencrypted connection) to the computer you are communicating with, right?

If a hacker captures that key HTTPS is useless.. or not? Or am I thinking the wrong way?

I've done extensive research for my school subjects on this but just can't find enough information to answer my questions.

1 Answer

3

No private keys are sent. HTTPS is based on trusted certificates. All web browsers have a list of trusted certificate issuers. The server sends its certificate and it is checked against this list. After that the client gives only its public key, which the server uses to encrypt data. Data can only be decrypted with the client's private key.

SSL connection

Kride
  • 1,149
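An added example (not part of the question or the answer above) of why capturing the handshake traffic does not hand an eavesdropper the session key: a Diffie-Hellman style key agreement, the kind of exchange modern TLS performs, where only public values cross the wire. The prime, generator and function names are assumptions chosen for this sketch; real TLS uses standardized groups or curves such as X25519.

```python
import hashlib
import secrets

# Toy public parameters (assumption for this example): the prime 2**255 - 19
# and generator 2. Everyone, including an eavesdropper, knows these.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public); only the public value is ever sent."""
    private = secrets.randbelow(P - 3) + 2   # never leaves this machine
    public = pow(G, private, P)              # sent in the clear
    return private, public


def session_key(own_private, peer_public):
    """Combine our private value with the peer's public value: g^(ab) mod p."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def handshake():
    """Run one exchange; return both derived keys and what crossed the wire."""
    client_priv, client_pub = keypair()
    server_priv, server_pub = keypair()
    wire = [("client -> server", client_pub), ("server -> client", server_pub)]
    client_key = session_key(client_priv, server_pub)
    server_key = session_key(server_priv, client_pub)
    return client_key, server_key, wire


def eavesdropper_guess(wire):
    """Combining only captured public values yields g^(a+b), not g^(ab)."""
    (_, a), (_, b) = wire
    return hashlib.sha256(((a * b) % P).to_bytes(32, "big")).digest()


if __name__ == "__main__":
    client_key, server_key, wire = handshake()
    print("keys match:", client_key == server_key)
    print("values on the wire:", len(wire), "(no private value, no session key)")
    print("eavesdropper derives key:", eavesdropper_guess(wire) == client_key)
```

This covers a passive capture only; the certificate check described in the answer is what stops an active attacker from substituting their own public value.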