I have played around with arp poison attacks and dns redirection and stuff and am curious if there is something out there that will allow someone to use that type of attack or jasager type attack to feed unsecure sites to people requesting said site in secure fashion. Sorry couldn't think of a nice one line way of saying it so let me try with example.
Victim: types into browser http://www.gmail.com
Attacker: goes to http://gmail.com gets all items
Attacker: rebuilds page and serves it up to allow password to send in clear text
Victim: sees same page as if you went to gmail but without the security.
I know I can do this manually by saving the page and serving it up by redirecting them to my faked page but I was curious if there was an automatic jasager style way to accomplish this. This way I do not have to know what site they are going ahead of time and there is no warning of security certificates not matching there is just no security period.
Any info on this would be much appreciated.