User browses Amazon normally, MITM proxy simply alters response links containing "https" back to http, keeping track of what links were downgraded so it can start relaying between http and https when one of those links is hit.
User requests login page over http
HTTP request is intercepted, and relayed over https to amazon
https response from Amazon is modified to show http links, and presented back to the user
User fills in credentials and submits request over http
Request is intercepted, and relayed over https back to Amazon
MITM now has all credentials.
Doesn't require any special tools, or a phishing page, just a spot between Amazon and the user, and the ability to re-write responses from https back to http.
HTTPS with a HSTS setting would mitigate this, since the browser would refuse to request the HTTP page if the user had ever successfully visited https://www.amazon.com before.
User requests login page over http
HTTP request is intercepted, and relayed over https to amazon
https response from Amazon is modified to show http links, and presented back to the user
User fills in credentials and submits request over http
Request is intercepted, and relayed over https back to Amazon
MITM now has all credentials.
Doesn't require any special tools, or a phishing page, just a spot between Amazon and the user, and the ability to re-write responses from https back to http.
HTTPS with a HSTS setting would mitigate this, since the browser would refuse to request the HTTP page if the user had ever successfully visited https://www.amazon.com before.