Penetration Testing mailing list archives

newbie question


From: Jason Mayer <slamboy () gmail com>
Date: Sat, 11 Feb 2006 14:12:31 -0600

Hi!  I've been reading this mailing list for a long time, and I've
learned a lot of theoretical stuff regarding a pen-test.  I've been
taking Cisco classes for a bit, and while in class a couple of weeks
ago the instructor mentioned that the Cisco enable secret password
hashes were pretty much unbreakable.  Well, knowing what I know, I
loaded up Cain & Abel and showed him and the class that this wasn't
completely true and that strong passwords were still required (I
demonstrated the amount of time it takes to brute-force the password
hashes and whatnot with alphanumeric vs. alphanumeric+symbols).

Ever since then, I've been getting requests to demonstrate other
things.  Last week, I was asked to demonstrate how to get NTLM
password hashes and then break them, so I showed the class pwdump2
(although in the end I used Cain & Abel to crack the passwords).  Today,
the teacher asked if it was possible to intercept and read in
plaintext HTTPS info.  I did some searches in the archives and found a
reference to Odysseus as a MITM proxy.  I didn't find any information
in the help files of Odysseus regarding the usage of this program
though, so I come to you all for help.  If anyone could suggest a MITM
program to capture HTTPS traffic I'd appreciate it.

I have the perfect learning environment here, with switches/routers
and multiple PCs.  Since all my knowledge is theoretical, I'd like to
get in some practical experience (while educating future network
admins).  Any other things you think I should check into would be
awesome.  Thanks!

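The enable-secret point in the post above, as an added example that is not part of the original message: a Cisco "enable secret 5" value is the FreeBSD md5-crypt scheme (the "$1$" format) with a four-character salt, so the hash can be attacked offline exactly as Cain & Abel does, and the only real defence is a password that is not in any wordlist and is too long to brute-force. The config line, salt and wordlist below are constructed for the example, and the function names (md5_crypt, parse_type5, crack_type5, keyspace_years) are chosen here, not taken from any Cisco or Cain documentation.

```python
"""Reimplementation of md5-crypt ($1$), the algorithm behind Cisco type 5
secrets, plus an offline dictionary attack and a keyspace estimate.
Example code written for this post; the sample hash is constructed."""
import hashlib
import math
from typing import Iterable, Optional, Tuple

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def _to64(value: int, count: int) -> str:
    # crypt(3) base-64 alphabet, least-significant 6 bits emitted first.
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5_crypt(password: str, salt: str) -> str:
    """Return '$1$<salt>$<22-char digest>' following the FreeBSD md5crypt schedule."""
    pw = password.encode()
    sb = salt[:8].encode()  # md5crypt allows up to 8 salt chars; IOS uses 4

    ctx = hashlib.md5(pw + MAGIC + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    # Feed len(pw) bytes of the alternate sum, at most 16 per step.
    pl = len(pw)
    while pl > 0:
        ctx.update(alt[: min(pl, 16)])
        pl -= 16
    # Per bit of len(pw): a zero byte for a 1 bit, the first password byte for a 0 bit.
    i = len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()

    # 1000 stretching rounds; this fixed count is why MD5-crypt is cheap to brute-force today.
    for i in range(1000):
        ctx = hashlib.md5()
        ctx.update(pw if i & 1 else final)
        if i % 3:
            ctx.update(sb)
        if i % 7:
            ctx.update(pw)
        ctx.update(final if i & 1 else pw)
        final = ctx.digest()

    # Encode the 16 digest bytes into 22 characters in crypt(3)'s scrambled byte order.
    enc = (
        _to64((final[0] << 16) | (final[6] << 8) | final[12], 4)
        + _to64((final[1] << 16) | (final[7] << 8) | final[13], 4)
        + _to64((final[2] << 16) | (final[8] << 8) | final[14], 4)
        + _to64((final[3] << 16) | (final[9] << 8) | final[15], 4)
        + _to64((final[4] << 16) | (final[10] << 8) | final[5], 4)
        + _to64(final[11], 2)
    )
    return "$1$" + salt[:8] + "$" + enc


def parse_type5(config_line: str) -> Tuple[str, str]:
    """Extract (salt, full hash) from an 'enable secret 5 $1$salt$digest' line."""
    token = config_line.split()[-1]
    magic, salt, _digest = token.split("$")[1:]  # leading '' before the first '$'
    if magic != "1":
        raise ValueError("not a type 5 (md5crypt) secret: " + token)
    return salt, token


def crack_type5(config_line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: re-hash each candidate with the stored salt and compare."""
    salt, target = parse_type5(config_line)
    for candidate in wordlist:
        if md5_crypt(candidate, salt) == target:
            return candidate
    return None


def keyspace_years(length: int, charset_size: int, guesses_per_second: float) -> float:
    """Worst-case years to exhaust every password of exactly `length` characters."""
    return charset_size ** length / guesses_per_second / (365 * 24 * 3600)


# Constructed sample: a router config line whose secret is a weak, guessable password.
SAMPLE_CONFIG = "enable secret 5 " + md5_crypt("cisco123", "Ab9Q")
WORDLIST = ["admin", "password", "cisco", "cisco123", "Cisco!23"]

if __name__ == "__main__":
    print(SAMPLE_CONFIG)
    print("recovered:", crack_type5(SAMPLE_CONFIG, WORDLIST))
    rate = 1e7  # assumed guesses/second; substitute your own cracker's benchmark
    print("8-char alphanumeric, worst case: %.1f years" % keyspace_years(8, 62, rate))
    print("8-char printable ASCII, worst case: %.1f years" % keyspace_years(8, 94, rate))
```

The hash produced by md5_crypt can be cross-checked against a stock tool with `openssl passwd -1 -salt Ab9Q cisco123`, which implements the same "$1$" algorithm. The guesses-per-second figure is an assumption to plug a measured rate into; the point the ratio makes is independent of it: adding symbols to the alphabet multiplies an 8-character keyspace by (94/62)^8, roughly 28x, while adding two characters of length multiplies it by 62^2.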