Abuse MITM possible regardless of HTTPS