PaulDotCom mailing list archives
Re: use cases for stunnel
From: Robin Wood <robin () digininja org>
Date: Mon, 11 Apr 2011 13:34:51 +0100
On 11 April 2011 12:58, David Porcello <DPorcello () vermontmutual com> wrote:
I've found it's a very stealthy way to get through webfilters, IPS boxes, and application-aware firewalls since it appears as SSL/HTTPS traffic instead of SSH. d.
This is the kind of thing I was thinking of, this is a good reason to use it over other encrypted communications. Robin
-----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Robin Wood Sent: Monday, April 11, 2011 4:40 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] use cases for stunnel On 11 April 2011 00:58, Mike Patterson <mike () snowcrash ca> wrote:On 11-04-10 6:50 PM, Robin Wood wrote:I was having a look at stunnel today and I've been wondering about pen-testing use cases for it. I asked on twitter and got a few comments about using it for encrypted data exfiltration but I don't see the point, if you are on a box with stunnel then it probably also has ssh/scp so just use that.Probably, but you never know. Mine was one of the comments, btw. :) And you didn't stipulate that it was already present. :PAre there any other good use cases? Places where there isn't already an easily available an encrypted tool that will do the same job.It sounds like you've got a tool and you're looking for a place to use it. Why waste your time?I'm trying to work out if it is a waste of time to learn it in depth or if there are some good situations where it is worth understanding it. What I'm wondering is is there a killer use for it that I really should know about and know how to use and setup or is it just a tool that is worth knowing it exists and has a man page and leave it at that. I'm going to look at using it for man-in-the-middle as I like that idea. Robin_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited. Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any loss or damage arising if such a virus or defect exists. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- use cases for stunnel Robin Wood (Apr 10)
- Re: use cases for stunnel Karl Schuttler (Apr 10)
- Re: use cases for stunnel Dennis Lavrinenko (Apr 10)
- Re: use cases for stunnel Mike Patterson (Apr 10)
- Re: use cases for stunnel Robin Wood (Apr 11)
- Re: use cases for stunnel David Porcello (Apr 11)
- Re: use cases for stunnel Robin Wood (Apr 11)
- Re: use cases for stunnel Robin Wood (Apr 11)
- Re: use cases for stunnel Joel Esler (Apr 12)