is there any way to di mitm on those hosts which uses ssl certs???like orkut or gmail???if yes the how??

I believe you can, I have not tried tho. RTFM

I'm sure ettercap can

You can in a few ways. You can force them not to connect to the SSL server at all (most people don't type https:// they type in http:// and the site redirects them). You can also just do a normal MITM setup but that will of course cause an error in the browser.

- RSnake
Gotta love it. http://ha.ckers.org

For what it's worth, I had some issues doing this with Firefox 3 recently. I was using Burp Proxy as the MITM which sends the browser its own self-signed cert, which Firefox naturally complains about. The warning box didn't allow me to choose to accept the self-signed cert which is annoying but somewhat understandable... Fortunately Firefox lets you create one-off exceptions for such scenarios. But when I tried to import the self-signed cert this way, I was blocked again because it didn't like that the cert was self-signed... very lame...

Anyhow, the fix was to change the about:config setting network.dns.disableIPv6 to true and then I could create the one-off exception.