I have seen a many posts about parsing through all the data in SSLStrip to find the usernames and passwords. I created easy-creds a while back and it has an SSLStrip parser built into it. However, the definitions.sslstrip file that comes with the download is meant to be edited as new values for sites are found. I tried to include a good number of common sites, but it is not completely comprehensive.
If you look at the file it is easy to see what values need to be included. Sometimes it does spit back garbage (like for twitter). But that is easy to change.
Here's how I do it:
Browse to the login page
Fire up tamper
Put in username/password and login
Verify the values in tamper that contain the login info
Add those to the definitions file
www.concursolutions.com has a username value of "userid" and a password value of "password"
So in your definitions you would add:
concursolutions.com userid= password=
You can add another value if you like just to make sure the parsing can verify it only from that site. Such as logindomain=
The parser will then verify all 4 values exists, if they don't it won't return anything.
I am hoping that people will continue to add to the definitions.sslstrip file and that it can grow stronger. Please feel free to post new sites here...I'll check it out every so often and add them to the base.
Also, if you don't want to use easy-creds, you can cut/paste the parsing function out if it into its own bash file and run it standalone. All the code is there you just have to add the necessary #!/bin/bash and save it.