Re: Get HTTPS
In theory, but it would have to know roots which were NOT the one added to get the browser to stop complaining about the MitM's certificate. That's horribly important in a corporate environment. The MitM creates its own CA, then uses that to generate a certificate for each site you access. The IT department exports that CA and installs it in each corporate machine as a trusted certificate signing certificate (but not a CA-signing certificate). The plugin(1) would need to know that this CA is NOT one of the main root types.
(1) Good luck if your browser decides to not run plugins any more...
PS: I know how these MitMs work because my company's product can act as one, but it can be worked out by a careful analysis of how SSL/TLS works.