1. User browses Amazon normally. MITM proxy simply alters response links containing "https" back to http, keeping track of what links were downgraded so it can start relaying between http and https when one of those links is hit.
2. User requests login page over http.
3. HTTP request is intercepted, and relayed over https to Amazon.
4. https response from Amazon is modified to show http links, and presented back to the user.
5. User fills in credentials and submits request over http.
6. Request is intercepted, and relayed over https back to Amazon.
7. MITM now has all credentials.

Doesn't require any special tools, or a phishing page, just a spot between Amazon and the user, and the ability to re-write responses from https back to http.

HTTPS with an HSTS setting would mitigate this, since the browser would refuse to request the HTTP page if the user had ever successfully visited https://www.amazon.com before.