In the previous section, we saw how to sniff and capture anything sent over HTTP requests. Most famous websites use HTTPS instead of HTTP. This means that when we try to become the MITM, when the person goes to that website, the website will display a warning saying that the certificate of that website is invalid. That way, the person will be suspicious and probably won't log in to that page. So, what we're going to do is use a tool called SSLstrip, which will downgrade any HTTPS request to HTTP; so whenever the target person tries to go to https://hotmail.com, for example, they'll be redirected to the HTTP of hotmail.com. Let's go the browser on the target, and we are going to try to go to hotmail.com. Now, as we can see ...