[stunnel-users] Stunnel as an "HTTPS to HTTPS" proxy

Javier meresponde2001-stn at yahoo.es
Tue Mar 5 17:26:48 CET 2013


On Tue, 05 Mar 2013 09:04:41 +0200
"jmwb at webmail.co.za" <jmwb at webmail.co.za> wrote:

> Thank you for your response Javier.
> 
> I now understand how to phrase what I am looking for. What I am looking for is
> effectively an SSL Man-in-The-Middle (but please be assured that I am not
> looking to build malware). However, I am still not certain from your response
> that Stunnel can do this. Can the client-side handle SSL or does it only
> support clear-text on the client side?
> 
> jmwb


Hi, the example I gave you works like this.
I hope this helps you understand how stunnel works in such a
scenario.

1. Web browser without SSL support.
2. It sends clear text to the IP:port where the stunnel client is listening.
3. Stunnel on the client machine sends ciphered text to the machine with stunnel acting as server.
4. Stunnel on the server machine sends clear text to the web server.
5. The web server doesn't have SSL support.
6. The communication is reversed to reply to the client side.

With a diagram.

Browser <> clear text <> stunnel <> ciphered <> stunnel <> clear text <> web server

Of course, it is possible to make a MiTM attack between browser and
stunnel and stunnel and web server at both sides, but not in
between. To accomplish such an attack you'll first need to access one
of the machines and find such a scenario. If both sides support SSL
you don't need stunnel (unless one of the sides doesn't support SSL)
and, therefore, all communications are ciphered P2P. No clear text.
Except keyboard/mouse loggers on the client side.

As said, it is a secure tunnel, an SSL proxy. As you wish.

Regards.
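
The six-step layout described in the message above, written out as stunnel configuration. This is an added example, not part of the original post or of the stunnel distribution; the host name tunnel.example.net, the ports, the service names and the file paths are assumptions. Both clear-text legs are bound to loopback, and the client verifies the server certificate so the ciphered leg cannot be terminated by a third party.

```ini
; ---- client machine: stunnel.conf (constructed example) ----
; Steps 1-3: the browser sends clear text to 127.0.0.1:8080,
; stunnel encrypts it and forwards it to the stunnel server.
[http-out]
client = yes
; Loopback only, so the clear-text leg never leaves this machine.
accept = 127.0.0.1:8080
connect = tunnel.example.net:8443
; Without verification the client accepts any certificate and the
; ciphered leg is no longer protected against interception.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = tunnel.example.net
; Older stunnel releases use "verify = 2" instead of the two lines above.

; ---- server machine: stunnel.conf (constructed example) ----
; Steps 4-5: stunnel decrypts and passes clear text to the local
; web server, which has no SSL support of its own.
[http-in]
accept = 8443
; Web server reached over loopback, so the clear-text leg stays local.
connect = 127.0.0.1:80
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
```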


