"Often users ignore warning dialogs and click through them. In
the case of an sslstrip intervention, the user doesn't even get the
warning dialogs, because no apparent invalid HTTPS connection is
created. His browser simply doesn't create a secure connection. The
kind of MITM attacks this can provide, and how users might be
totally unaware of them, is clearly indicated in Marlinspike's "New
Tricks for Defeating SSL in Practice" slides."