After some experiments, some results regarding MITM:
1) If you want to sniff a http traffic and retrieve username and password, just simply use arpspoof (ettercap).
2) If your target is hotmail or OWA, than use arpspoof + sslstrip (things may have changed for OWA on Exchange Server 2016).
3) If you want to eavesdrop with gmail or linked in, use arpspoof + sslstrip2 + dns2proxy (on my tests quarter of attacks were successful).
4) If your target is Facebook account, none of the above works.
Lesson learned: Do never connect to a login page on a public network.