Hi!
No, using sslstrip is still working, not for all the sites but many of them will be downgraded. The Ethical Hacking course shows how to do it with bettercap and the Network Advanced course shows how to do it with mitmproxy, so you can enroll in such courses and test that solutions as well. With bettercap there’s a workaround for hsts sites too. But yeah, some sites are implemeting some kind of protection like preventing logging in from an http connection. Another possible solution will be to get access to the target machine, via backdoor, trojan or similar, and then force the use of a proxy like Burp (I mean kali’s Burp) which can be used to sniff data, this has the advantage that the victim can still have it’s https connection but as we are a proxy server we can intercept https traffic and read it in plain text. This requires many steps and it’s not so staright forward, but it’s a cool attack. Maybe I’ll do some post about it in the futere, need to work more on it.
Greetings!
Diego