Then when the user supplies their credentials, sslstrip is able to capture their
login details but can still pass the request to the server via HTTPS. As a
result, the attack is undetectable from the web server, which sees only the
secure connection.
