Regarding effectiveness of SSLstrip
I was experimenting with MITM in my home lab. I am successfully able to capture all the traffic from victim PC. But SSL strip doesn't work for the websites like facebook, Gmail. Then I researched and found that these websites are using Extended validated certificates (Made by Digi-cert) which is specifically made to nullify the effect of SSLStrip.
Is this the end of road Or I am missing something. Kindly guide me in right direction.
PS- I was able capture FTP passwords.