Hey, thanks for the comprehensive response!
What I mean concerns more the client (target) side, not the server side. If you’re ever so kind to donate even more of your time to my question, here it is more detailed:
// Let’s assume we want to become the MITM to gain access to the target. So no backdoors etc (if we already have access, we can pretty much do whatever anyways, right? :))
So regardless of what method we choose as MITM, the target still connects through http. We can use SSLstrip or any other method, and sure it will work with many (most?) websites. But “work” means we will establish a connection, and as far as the server is concerned, we’re the client, so for them it looks like a legitimate https connection.
But the client machine knows it’s connected through http. And that’s what concerns me. If the client is using any modern browser, it will surely let him know that this is not a private connection with flashy alerts and this pretty much raises a red flag. Even if the user has no knowledge of http(S) protocols, he or she will think twice before going further. If I remember right, on Chrome for example you need to click “advanced” and than “allow the connection anyways”, stating that you’re aware of how dangerous it might be.
So that’s what I meant in the original question. Is there a way to fool the target into thinking it is actually connecting through https? (without having access to the target machine).