   _____                .__           ________                               __      ________.__              
  /  _  \ ______ ______ |  |   ____   \______ \   ____   ____   ______ _____/  |_   /  _____/|__|__  __ ____  
 /  /_\  \\____ \\____ \|  | _/ __ \   |    |  \ /  _ \_/ __ \ /  ___//    \   __\ /   \  ___|  \  \/ // __ \ 
/    |    \  |_> >  |_> >  |_\  ___/   |    `   (  <_> )  ___/ \___ \|   |  \  |   \    \_\  \  |\   /\  ___/ 
\____|__  /   __/|   __/|____/\___  > /_______  /\____/ \___  >____  >___|  /__|    \______  /__| \_/  \___  >
        \/|__|   |__|             \/          \/            \/     \/     \/               \/              \/ 
   _____    ___________             __        _____ ___.                  __                                  
  /  _  \   \_   _____/_ __   ____ |  | __   /  _  \\_ |__   ____  __ ___/  |_                                
 /  /_\  \   |    __)|  |  \_/ ___\|  |/ /  /  /_\  \| __ \ /  _ \|  |  \   __\                               
/    |    \  |     \ |  |  /\  \___|    <  /    |    \ \_\ (  <_> )  |  /|  |                                 
\____|__  /  \___  / |____/  \___  >__|_ \ \____|__  /___  /\____/|____/ |__|                                 
        \/       \/              \/     \/         \/    \/                                                   
  _________                          .__  __          ._.                                                     
 /   _____/ ____   ____  __ _________|__|/  |_ ___.__.| |                                                     
 \_____  \_/ __ \_/ ___\|  |  \_  __ \  \   __<   |  || |                                                     
 /        \  ___/\  \___|  |  /|  | \/  ||  |  \___  | \|                                                     
/_______  /\___  >\___  >____/ |__|  |__||__|  / ____| __                                                     
        \/     \/     \/                       \/      \/                                                     

AppleDoesntGiveAFuckAboutSecurity - An iTunes plugin to "recover" iTunes passwords

Copyright (c) fG!, 2014 - reverser@put.as - http://reverse.put.as
All rights reserved.

This plugin will hijacking iTunes login passwords abusing a vulnerability long time ago reported
to Apple and which they never gave a f*ck about fixing it.
 
What happens is that plugins are loaded into iTunes task space so can control the whole iTunes code.
This plugin is a mini-debugger that breakpoints SSLWrite and dumps buffer contents.
Very lazy PoC that works!

Run iTunes from a Terminal window to see the output since it's only logged to stdout!

Copy to ~/Library/iTunes/iTunes Plug-ins to install.

Let's see if this time Apple fixes their plugin system and creates a secure API.

Please don't use this for bad purposes aka illegal.

Have fun,
fG!
 