
If a user is exchanging messages with a server over HTTPS, could a man in the middle intercept messages and send them several times?

For instance, George orders a laptop on an HTTPS e-commerce site; could Dimitri, a man in the middle, intercept the message and send it 100 times to the e-commerce site so that George ends up with 100 laptops ordered?

Serge
  • Do you validate the server's certificate to ensure you're talking to the correct server? – CodesInChaos Aug 20 '15 at 08:50
  • I thought replay attacks had more elaborate goals, like trying to get the session ID and such. If "causing any kind of harm" is the goal of a replay attack, then this question is an accidental duplicate. – Serge Aug 20 '15 at 09:48
  • You might be interested in looking around at **[InfoSec.SE](http://security.stackexchange.com/help)** which has many other questions on this topic. –  Aug 20 '15 at 20:41

1 Answer


This is called a "replay attack", and HTTPS (a.k.a. SSL) does protect against it.

The way SSL does this is described here in the spec:

> Outgoing data is protected with a MAC before transmission. To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number, the message length, the message contents, and two fixed character strings. The message type field is necessary to ensure that messages intended for one TLS Record Layer client are not redirected to another. The sequence number ensures that attempts to delete or reorder messages will be detected. Since sequence numbers are 64 bits long, they should never overflow. Messages from one party cannot be inserted into the other's output, since they use independent MAC secrets. Similarly, the server-write and client-write keys are independent, so stream cipher keys are used only once.

If the initial SSL handshake succeeded, then only the client and server should know the symmetric key used for encryption and MAC generation, and the server will simply ignore any message with an invalid MAC or a sequence number it's seen before.

Ixrec
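To make the quoted record-layer mechanism concrete, here is an added illustration (not code from the answer above and not from any TLS implementation) of a simplified TLS 1.2-style record MAC. The MAC covers the implicit sequence number, content type, version, length and payload, exactly the fields the spec lists; the sequence number is never sent on the wire, so the receiver computes it from its own counter. The `Sender`/`Receiver` classes, the key bytes and the order payload are all constructed for this demonstration.

```python
import hashlib
import hmac
import struct

# Constructed, simplified model of the TLS 1.2 record-layer MAC
# (RFC 5246 section 6.2.3.1 layout: seq_num || type || version || length || fragment).
# Encryption is omitted; only the integrity/anti-replay part is shown.
CONTENT_TYPE_APPLICATION_DATA = 23
PROTOCOL_VERSION = b"\x03\x03"  # TLS 1.2


def record_mac(mac_key: bytes, seq_num: int, content_type: int, content: bytes) -> bytes:
    """HMAC-SHA256 over the record header fields and the content.

    seq_num is the 64-bit per-direction record counter; it is an input to the
    MAC but is NOT transmitted, which is what defeats replay.
    """
    header = struct.pack("!QB2sH", seq_num, content_type, PROTOCOL_VERSION, len(content))
    return hmac.new(mac_key, header + content, hashlib.sha256).digest()


class Sender:
    """One direction of a connection: owns a write-MAC key and a record counter."""

    def __init__(self, write_mac_key: bytes) -> None:
        self.key = write_mac_key
        self.seq = 0

    def send(self, content: bytes) -> dict:
        record = {
            "type": CONTENT_TYPE_APPLICATION_DATA,
            "content": content,
            "mac": record_mac(self.key, self.seq, CONTENT_TYPE_APPLICATION_DATA, content),
        }
        self.seq += 1  # next record is bound to a fresh sequence number
        return record


class Receiver:
    """Verifies records with the peer's write-MAC key and its own expected counter."""

    def __init__(self, peer_write_mac_key: bytes) -> None:
        self.key = peer_write_mac_key
        self.expected_seq = 0

    def receive(self, record: dict) -> bool:
        expected = record_mac(self.key, self.expected_seq, record["type"], record["content"])
        if not hmac.compare_digest(expected, record["mac"]):
            # Real TLS sends a fatal bad_record_mac alert and closes the connection;
            # here we simply report the rejection.
            return False
        self.expected_seq += 1
        return True


# Constructed keys; in TLS these are derived from the handshake and differ per direction.
CLIENT_WRITE_MAC_KEY = b"constructed-client-write-mac-key"
SERVER_WRITE_MAC_KEY = b"constructed-server-write-mac-key"


def demo_replay() -> tuple:
    """Returns (first delivery accepted?, replay of the same record accepted?)."""
    client = Sender(CLIENT_WRITE_MAC_KEY)
    server = Receiver(CLIENT_WRITE_MAC_KEY)
    order = client.send(b"POST /order laptop=1")  # constructed payload
    first = server.receive(order)
    replay = server.receive(order)  # identical bytes re-sent by a man in the middle
    return first, replay


def demo_cross_stream() -> bool:
    """A record MACed with the server-write key cannot be injected into the client->server stream."""
    server_as_sender = Sender(SERVER_WRITE_MAC_KEY)
    server_receiver = Receiver(CLIENT_WRITE_MAC_KEY)
    return server_receiver.receive(server_as_sender.send(b"POST /order laptop=1"))


if __name__ == "__main__":
    print("first delivery, replay:", demo_replay())
    print("cross-stream injection accepted:", demo_cross_stream())
```

The replay fails because the server's counter has already advanced to 1, so the MAC it recomputes no longer matches the one bound to sequence number 0; the attacker cannot recompute a valid MAC without the key. Note that this guarantee covers only the TLS connection itself: an order that is legitimately retransmitted at the application layer (a double-click, a retried HTTP request) is a separate problem handled by idempotency keys or similar application-level measures.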