Is cookie information hackable by "Man in middle" Attack over HTTPS?
It depends.
Lets say we have a server that only provides an HTTPS service and uses HTTP just to redirect to HTTPS. The user's browser is authenticated using a session cookie without the secure flag. At some point, this browser is going to load HTML over plain HTTP by visiting some other domain (http://security.stackexchange.com!), and then a man in the middle, Eve, can strike. In the HTTP response, Eve can injection an image tag that forces the browser to make an HTTP request to the victim server:
...
<img src=http://victim_server/favicon.ico></img>
...
Even though, victim_server
doesn't use HTTP, the browser will make a plain-text HTTP request that can be intercepted by Eve.
So, to answer the question. Cookie information can be protected in a MITM attack if the Secure cookie flag is set, and the application doesn't have other vulnerabilities such as XSS. There is also the BEAST attack and SSLStrip.
TLS / SSL encrypts the entire connection, which also includes the request and the response with all HTTP headers and payload. To our best knowledge it's not possible to extract header information IFF the connection is properly secured. 'Properly secure' is a vague term. A lot of things can go wrong with TLS / SSL, and new attack emerge. For example recent attacks on HTTPS abuse issues in the protocol or insecure ciphers. You may have heard about BEAST, Lucky 13 timing attack or RC4 vulnerabilities.
A friend of mine has written an article how to harden a server against attacks. Certification authorities usually have tests and HowTos, too. It's vital to understand that you must maintain and update your software constantly. Otherwise the bad guys will win eventually.