I watched a video on youtube about using SSLstrip after conducing a MITM using arpspoof. The video, unfortunately, didn't provide any information about how it works. During the video, the guy typed
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
and then to put SSLstrip to listen on port 10000
sslstrip -k -l 10000
What I understood after reading the manual page of iptables
is that the command redirects any incoming TCP traffic on port 80 to 10000 to feed it to SSLstrip and then SSLstrip removes the security out of HTTPS.(Please correct me if I'm wrong.)
My question is why do we redirect packets of port 80 and not port 443? HTTPS, as far as I know, works on port 443.
Edit : I've already read How does SSLstrip work? and it explains nothing about my problem. So, I believe, that my question should not be considered duplicate.