Yes and no. Usually you do HTTPS termination on the same device, so the traffic doesn’t actually go out onto the network. To sniff it, you’d have to be root on the machine, in which case you’re already compromised.