In a MITM attack, SSLStrip transparently hijacks HTTP traffic on a network, looks for HTTPS links and redirects, then maps those connections to either look-alike HTTP connections or homograph-similar HTTPS links. It also supports modes for supplying a favicon that looks like a lock icon, selective logging, and session denial. In the MITM setup, traffic is redirected from port 80 to port 8080 so that outgoing connections pass through sslstrip.
Source: https://gbhackers.com/mitm-attack-https-connection-ssl-strip/
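
A detection-side illustration of the link mapping described above, as an added example that is not from the source article: it compares a page fetched over a trusted path with the copy a client received and flags HTTPS links that came back as plain HTTP or as an IDN (homograph-capable) host. The function names, the trusted reference copy, and the sample HTML are assumptions constructed for this example.

```python
# Added example, not from the source article: detect sslstrip-style link rewriting.
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect absolute URLs from href/src/action attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value and "://" in value:
                self.urls.append(urlsplit(value))


def _links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.urls


def _is_idn(host):
    # Non-ASCII or punycode ("xn--") labels are how homograph hosts are encoded.
    return any(l.startswith("xn--") or not l.isascii() for l in host.lower().split("."))


def find_stripped_links(reference_html, observed_html):
    """Return (kind, url) findings for links that changed between the two copies."""
    expected = {(u.hostname, u.path) for u in _links(reference_html) if u.scheme == "https"}
    known_hosts = {host for host, _ in expected}
    findings = []
    for u in _links(observed_html):
        if u.scheme == "http" and (u.hostname, u.path) in expected:
            findings.append(("downgraded-to-http", u.geturl()))
        elif u.scheme == "https" and u.hostname not in known_hosts and _is_idn(u.hostname or ""):
            findings.append(("homograph-host", u.geturl()))
    return findings


# Constructed sample input: the same login page as served and as received.
REFERENCE = ('<a href="https://login.example.com/signin">Sign in</a>'
             '<form action="https://pay.example.com/checkout"></form>')
OBSERVED = ('<a href="http://login.example.com/signin">Sign in</a>'
            '<form action="https://xn--pay-example-abc.com/checkout"></form>')

if __name__ == "__main__":
    print(find_stripped_links(REFERENCE, OBSERVED))
```

An empty result only means the two copies agree on their absolute links; it does not cover relative links or redirects rewritten in transit.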