If I am entering a password in facebook.com, an attacker in my subnet can build a man-in-the-middle attack with arpspoof and nat iptables rules by turning my HTTPS connections into HTTP and get my facebook password.
1. Is it still the case if I am using SOCK5 in the case of logging in through tor browser for instance?
2. Is there any man-in-the-middle variant allowing to catch passwords with SOCKS5 proxified connection?
Proxy servers would provide no protection against a MITM attack, since your attacker could MITM your connection to the proxy, or the proxies connection to the internet.
by turning my HTTPS connections into HTTP
The bit about arp poisoning is correct. Your assumptions about HTTPS are a bit misguided. It is designed to be used on an untrusted connection, and is not easiy downgraded to HTTP. It provides authentication and encryption.
To enhance security disable weak HTTPS cyphersuites, and make sure that you type https://facebook.com into your browser.
