Configure SSLstrip to only forward when possible

[SecureSurfer]

Hello,

With sslstrip it is possible to use http instead of https on the target machine when possible. However, when this is not possible (some sites do not offer plain http login), I would like sslstrip to ignore them and thus to not forward the traffic with the famous Certificate Warning as a consequence.
Of course, the password will not be captured then, however, the user will not notice anything strange.

Would this be possible in any way?

thanks

[Mr-Protocol]

I think you are confused on how SSL Strip works...

Defeating SSL using SSLStrip (Marlinspike Blackhat) Tutorial

The way the SSLStrip tool works by:

1. Does an MITM on the HTTP connection
2. Replaces all the HTTPS links with HTTP ones but remembers the links which were changed
3. Communicates with the victim client on an HTTP connection for any secure link
4. Communicates with the legitimate server over HTTPS for the same secure link
5. Communication is transparently proxied between the victim client and the legitimate server
6. Images such as the favicon are replaced by images of the familiar "secure lock" icon, to build trust
7. As the MITM is taking places all passwords, credentials etc are stolen without the Client knowing

[SecureSurfer]

Thank you for the clarification.

However, my question remains the same: is it possible to configure SSLstrip to forward a HTTPS link when no plain HTTP link is found.
This is the case for some sites, which do not support HTTP login.

I understand how sslstrip works, I just want to know if there is a way to do that. Because when I try out SSLstrip on my own network, I still see the certificate error when connecting to some sites.



EDIT: Alrightie, I was so stupid to not uncomment the iptables rules in /etc/etter.conf, which are used to sniff https using the fake certificate.

Sslstrip works nicely now, and if a http connection is not possible, it just gives the https connection.

Thanks for the answers!