MITM - bypassing HTTPS

Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid.

SSLstrip is a tool that canbe used to downgrade HTTPS requests to HTTP allowing us to sniff passwords without displaying a warning to the user.

Luckily MITMf starts SSLstrip for us automatically.

Start the MITMf tool, and the SSLstrip runs the same time.

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0

 Browse the www.baidu.com on the victim win10 os. 

Please note that , the URL becomes to  http://www.baidu.com by default.

 You can find the username and password in the MITMf terminal.