[stunnel-users] Access to Packet Content

Jochen Bern Jochen.Bern at LINworks.de
Wed Mar 26 13:36:14 CET 2014


On 26.03.2014 13:05, Michael Carlino (RIT Student) wrote:
> In the client stunnel I need to make a small change to the HTTP
> packet.  I need to add some data to it.

Then you *don't* want to manipulate *packets* (as in, using iptables,
tcpdump, wireshark etc.). Adding data to a packet will mess up basic
TCP/IP mechanisms like path MTU discovery real fierce.

> I know that as a proxy stunnel has to be and tries to be general in
> nature.  I am not concerned (right now) with developing a feature that will
> become available to others later.  I don't mind if my changes make my
> development version of stunnel single-purpose.  My work is academic and
> proof-of-concept in its nature.

Is there a reason - apart from the "server-side stunnel might want to
close the connection" you mentioned - not to leave stunnel to do what it
strives to do, and insert one or two additional layers with some
dedicated HTTP-munging software (say, privoxy) instead? Or, for that
matter, a dedicated SSL sniffer (say, ssldump) if the server side needs
only *read* access to the actual HTTP data?

Regards,
								J. Bern
-- 
*NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Switchboard -0, Fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel

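The stream-level alternative suggested in the reply above, as an added example that is not part of the original message and not stunnel code: a rewriter for a plain-TCP relay placed in front of the client-side stunnel, adding one header to the request no matter how the bytes are split across reads. It assumes one HTTP/1.x request per connection; `HeaderInjector`, `relay_request` and the `max_head` limit are hypothetical names chosen for this sketch.

```python
# Added example (not stunnel code): modify the HTTP request as a byte
# stream, before it reaches stunnel, instead of touching TCP packets.
import socket

HEAD_END = b"\r\n\r\n"  # blank line that terminates the HTTP request head


class HeaderInjector:
    """Adds one header to a single HTTP/1.x request, fed in arbitrary pieces.

    Assumption: one request per connection (no keep-alive or pipelining).
    """

    def __init__(self, name: bytes, value: bytes, max_head: int = 65536):
        self.extra = name + b": " + value + b"\r\n"
        self.max_head = max_head  # hypothetical cap on buffered head bytes
        self.buf = b""
        self.done = False  # True once the head has been rewritten

    def feed(self, chunk: bytes) -> bytes:
        """Take bytes as read from the socket, return bytes to forward."""
        if self.done:
            return chunk  # body bytes pass through; Content-Length is unchanged
        self.buf += chunk
        end = self.buf.find(HEAD_END)
        if end < 0:
            # recv() boundaries are arbitrary: the head may span many reads,
            # so hold it back until the terminating blank line is seen.
            if len(self.buf) > self.max_head:
                raise ValueError("request head exceeds max_head")
            return b""
        # Split just after the last header line, before the blank line.
        head, rest = self.buf[:end + 2], self.buf[end + 2:]
        self.buf, self.done = b"", True
        return head + self.extra + rest


def relay_request(client: socket.socket, upstream: socket.socket,
                  injector: HeaderInjector, bufsize: int = 4096) -> None:
    """Copy client -> upstream (e.g. stunnel's accept port) via the injector."""
    while chunk := client.recv(bufsize):
        out = injector.feed(chunk)
        if out:
            upstream.sendall(out)
```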