Man in the Middle Fun with SSL Strip

This time on the show Darren's having a little man-in-the-middle fun with a demonstration os SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session.

Moxie Marlinspike's SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren's segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit's BackTrack 4 penetration testing distribution.