Then when the user supplies their credentials, sslstrip is able to capture their login details but
can still pass the request to the server via HTTPS. As a result, the attack is undetectable from the
web server, which sees only the secure connection.
