I was having a look at stunnel today and I've been wondering about pen-testing use cases for it. I asked on twitter and got a few comments about using it for encrypted data exfiltration but I don't see the point, if you are on a box with stunnel then it probably also has ssh/scp so just use that.
The only solid example I was given was to use it back-to-back to man-in-the-middle SSL traffic where the parties don't do certificate checking. Are there any other good use cases? Places where there isn't already an easily available an encrypted tool that will do the same job. Robin _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
