MITM - bypassing HTTPS

Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid.

SSLstrip is a tool that canbe used to downgrade HTTPS requests to HTTP allowing us to sniff passwords without displaying a warning to the user.

Luckily MITMf starts SSLstrip for us automatically.

Start the MITMf tool, and the SSLstrip runs the same time.

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0

Browse the on the victim win10 os. 

Please note that , the URL becomes to  by default.

You can find the username and password in the MITMf terminal.

Ethical Hacking - NETWORK PENETRATION TESTING(17)