Author Topic: HTTPS Everywhere (Firefox addon) protects against SSLStrip attacks  (Read 1357 times)

Offline m0l0ko

I'm practicing MITM attacks on myself (using a BT5 VM as the attacker) and I noticed that when I entered passwords into websites using Opera, ettercap sniffed them, but when I used Firefox, ettercap couldn't sniff anything. I was trying to figure out why that was, then I realised that a plugin I have for Firefox (it's called HTTPS Everywhere) was forcing Firefox to use the HTTPS protocol, rendering SSLStrip useless. HTTPS Everywhere is a brilliant addon; it forces Firefox to use the HTTPS protocol wherever possible so you don't have to do it manually.

Offline offensive

Re: HTTPS Everywhere (Firefox addon) protects against SSLStrip attacks
« Reply #1 on: June 03, 2012, 02:56:49 am »
I think SSLStrip can capture your password. HTTPS Everywhere is not a problem.

Offline m0l0ko

Re: HTTPS Everywhere (Firefox addon) protects against SSLStrip attacks
« Reply #2 on: June 03, 2012, 03:02:22 am »
You sure about that? I tried to get ettercap to sniff my username/password when I entered it into Firefox, but I couldn't get Firefox to go to regular HTTP pages at all; it just redirected to HTTPS.
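
The behaviour m0l0ko describes in the opening post and in Reply #2 (Firefox never requesting the plain http page), sketched as an added example that is not part of the thread and not the add-on's own code: a client-side rewrite applied to the URL before the request is sent. The ruleset, hosts and function names are constructed for illustration.

```javascript
// Constructed ruleset (placeholder hosts), in the spirit of HTTPS Everywhere
// rules; not the add-on's real rule files or code.
const RULESETS = [{
  name: "Example Shop",
  targets: ["example.com", "*.example.com"],
  exclusions: [/^http:\/\/static\.example\.com\/legacy\//],
  rules: [
    { from: /^http:\/\/example\.com\//, to: "https://www.example.com/" },
    { from: /^http:/, to: "https:" },
  ],
}];

// "*.example.com" matches any subdomain, but not look-alikes such as
// evilexample.com, because the leading dot is part of the comparison.
function hostMatches(host, target) {
  return target.startsWith("*.") ? host.endsWith(target.slice(1)) : host === target;
}

// Decide which URL is actually requested for a typed or clicked link.
// First matching rule wins; excluded URLs and unknown hosts stay unchanged.
function upgradeUrl(input) {
  const u = new URL(input);
  const unchanged = { url: u.href, upgraded: false, ruleset: null };
  if (u.protocol !== "http:") return unchanged;
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => hostMatches(u.hostname, t))) continue;
    if (rs.exclusions.some((re) => re.test(u.href))) continue;
    for (const rule of rs.rules) {
      if (rule.from.test(u.href)) {
        return { url: u.href.replace(rule.from, rule.to), upgraded: true, ruleset: rs.name };
      }
    }
  }
  return unchanged;
}

// Defender's view: which of these URLs would still leave the browser as
// plaintext http, and so remain visible to anyone on the network path?
function stillPlaintext(urls) {
  return urls.map(upgradeUrl).filter((r) => r.url.startsWith("http:")).map((r) => r.url);
}
```

Hosts with no matching rule, and URLs hit by an exclusion, are still requested over plain http, which is the "wherever possible" limit mentioned in the opening post.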

Offline Kulverstukas

Re: HTTPS Everywhere (Firefox addon) protects against SSLStrip attacks
« Reply #3 on: June 03, 2012, 08:12:58 am »
HTTPS uses the SSL protocol, so SSLStrip is a decoding program that strips encryption from captured data sent with HTTPS. If you couldn't get the password with SSLStrip then you were doing it wrong :D
I too use HTTPS everywhere I can when I am on public networks.