Let's say I am browsing the Internet using Tor - visiting https://example.com/login.php - and the NSA is operating the Tor exit node which I am currently routed to use.
Can that NSA exit relay swap the HTTPS certificate with their own (and then assume that I accept it, either manually or automatically), capturing or modifying all traffic I receive and give to example.com - just like a proxy, your employer, or your ISP can?
Or is directly browsing an HTTPS site on Tor immune to such an 'exit node MITM' attack - and only unencrypted packets can ever be seen or modified by them?
(N.B. I use HTTP Nowhere to mitigate against vulnerabilities like sslstrip - so I am only talking about the specific scenario of an exit node replacing certificates on-the-fly to decrypt the traffic themselves, assuming again that I accept their certificate by whatever means that occurs.)