Of course it can be done. Set up a server that fetches web pages and then passes them on over an encrypted connection, scrambling the names of pages and files in the process. Obviously, this could still be detected if someone detected unusual amounts of encrypted traffic to one specific server.
