Moxie of  Thoughtcrime.org has release a tool is able to recreate SSL pages with none of the security

First, arpspoof convinces a host that our MAC address is the router's MAC address, and the target begins to send us all its network traffic.  The kernel forwards everything along except for traffic destined to port 443, which it redirects to $listenPort (10000, for example).

At this point, sslsniff receives the client connection, makes a connection to the real SSL site, and looks at the information in the server's certificate.  sslsniff then generates a new certificate with an identical Distinguished Name and signs it with the end-entity certificate in $certificateFile.  sslsniff uses the generated certificate chain to do a SSL handshake with the client and proxy data between both hosts (while logging it, of course).

According to Forbes, Marlinspike was able to "grab passwords to 117 e-mail accounts, 16 credit cards numbers, seven Paypal logins and about 300 other logins to supposedly secure sites ranging from Gmail to Ticketmaster to Facebook." We congradulate moxie is his finding and want to throw out to him and anyone else who has a cool project to please submit it to the next hackthiszine.

Corporate Article Here: Forbes.com

Download the software here: SSLsinff