"WARNING: This software cannot work without Let's Encrypt! This is a new generation of phishing SSL-Strip attack. I will develop this tool more effectively ;) Because Soon maybe very soon the Let's Encrypt company may have a problem with this tool! So, the situation is that. First of all, you must create a domain similar to this what you want to attack and SSL certificate, using your real IP address and then you must request a certificate from Let's Encrypt company. On that way, you will be trackable. Where and what you sent on the "victim". This is not good for you if you are an attacker :D So, this tool on 100% is not usable if you can't use every time a different real IP, domain and SSL certificate :). This is so stupid if you do this, only for steal credentials of someone, just like that :)
BR V.Varbanovski @nu11secur1ty - System Administrator - Infrastructure Engineer!"
Explaining by Kevin Mitnick
Explaining by Kuba Gretzky
Protecting
How to protect…