HTTPS Branch of threat tree

  1. Get certification authority to issue you a cert
  2. Break public key in existing valid cert
  3. Break SSL/TLS protocol
  4. Prevent HTTPS from activating in the first place
    1. Intercept connections initiated via HTTP and prevent redirect to HTTPS
      • Prevent protocol based redirect
      • Prevent any javascript based redirects
      • Rewrite any page contents containing "https://" with "http://"