Could someone DNS spoof REST API communication between a client device POST to a server URL running a XML-based API on HTTPS?
If a man-in-the-middle for client device(s) POSTing to the server on a scheduled frequency where all REST API communication could potentially travel through a man-in-the-middle on the Internet?
If it is possible for a man-in-the-middle to intercept client/server communication processes what would this person need to do if it's HTTPS? Can they dumb down the stream to HTTP?
