michael_kent123 Posted March 21, 2015 Share Posted March 21, 2015 I have wondered for some time how apps (e.g. Facebook, Twitter, or Instagram) on an iPhone on Android device transmit the username and password. For example, if I am using a laptop and want to login to Facebook then I browse to https://www.facebook.com and enter my username and password which is transmitted to Facebook which checks whether it is accurate or not. However, if I use the Facebook app, how is the username and password invoked? If you are a MITM and you intercept client-server communications (e.g. with SSL Strip) then you can get my Facebook username and password. However, if I am using an app (over wireless) to login to Facebook then can you as the MITM grab my login details? In all cases, we are using a wireless network. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.