So, I understand in principle and practice how this works... and I am aware that sslstrip offers a lock favicon to give the illusion of a secure connection. However, that lack of the HTTPS in the address bar is a dead giveaway.

Lately, I've been playing around with Cain & Abel. Besides having a better GUI, C&A seems to be able to maintain the HTTPS as well. What I'm wondering is how does this program accomplish this and how is it different from sslstrip. On the surface, it seems to be the same type of arp poisoning mitm attack.