HTTPS Branch of threat tree
- Get certification authority to issue you a cert
- Break public key in existing valid cert
- Break SSL/TLS protocol
- Prevent HTTPS from activating in the first place
- Intercept connections initiated via HTTP and prevent redirect to HTTPS
- Prevent protocol based redirect
- Prevent any javascript based redirects
Rewrite any page contents containing "https://" with "http://"
- Intercept connections initiated via HTTP and prevent redirect to HTTPS