MITM - bypassing HTTPS
Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid.
SSLstrip is a tool that canbe used to downgrade HTTPS requests to HTTP allowing us to sniff passwords without displaying a warning to the user.
Luckily MITMf starts SSLstrip for us automatically.
Start the MITMf tool, and the SSLstrip runs the same time.
python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0
Browse the www.baidu.com on the victim win10 os.
Please note that , the URL becomes to http://www.baidu.com by default.
You can find the username and password in the MITMf terminal.
